Fix parsing of environment variables.

The inbuilt SSH server supports setting environment variable received from SSH clients. However, parsing of those variables was completely broken and success depended on chance. This new implementation uses standard operations from the crypto/ssh module to parse the SSH wire format. Signed-off-by: Dennis Keitzel <github@pinshot.net>
2017-03-24 15:46:04 +01:00 · 2017-03-24 15:46:04 +01:00 · d7ca1f5bfd
commit d7ca1f5bfd
parent 9fbdd7d787
1 changed files with 12 additions and 8 deletions
--- a/modules/ssh/ssh.go
+++ b/modules/ssh/ssh.go
@ -21,6 +21,12 @@ import (
 	"code.gitea.io/gitea/modules/setting"
 )

+// environmentVariable will be used to parse environment variables from the SSH wire format.
+type environmentVariable struct {
+	Name  string
+	Value string
+}
+
 func cleanCommand(cmd string) string {
 	i := strings.Index(cmd, "git")
 	if i == -1 {
@ -48,16 +54,14 @@ func handleServerConn(keyID string, chans <-chan ssh.NewChannel) {
 				payload := cleanCommand(string(req.Payload))
 				switch req.Type {
 				case "env":
-					args := strings.Split(strings.Replace(payload, "\x00", "", -1), "\v")
-					if len(args) != 2 {
-						log.Warn("SSH: Invalid env arguments: '%#v'", args)
+					env := environmentVariable{}
+					if err := ssh.Unmarshal(req.Payload, &env); err != nil {
+						log.Warn("SSH: Unable to parse environment variable: %v", err)
 						continue
 					}
-					args[0] = strings.TrimLeft(args[0], "\x04")
-					_, _, err := com.ExecCmdBytes("env", args[0]+"="+args[1])
-					if err != nil {
-						log.Error(3, "env: %v", err)
-						return
+					if _, _, err = com.ExecCmdBytes("env", env.Name+"="+env.Value); err != nil {
+						log.Warn("SSH: Unable to set environment variable %v=%v: %v", env.Name, env.Value, err)
+						continue
 					}
 				case "exec":
 					cmdName := strings.TrimLeft(payload, "'()")