From d7ca1f5bfd6114c87cad3297b10e0578387c026b Mon Sep 17 00:00:00 2001 From: Dennis Keitzel Date: Fri, 24 Mar 2017 15:46:04 +0100 Subject: [PATCH] Fix parsing of environment variables. The inbuilt SSH server supports setting environment variable received from SSH clients. However, parsing of those variables was completely broken and success depended on chance. This new implementation uses standard operations from the crypto/ssh module to parse the SSH wire format. Signed-off-by: Dennis Keitzel --- modules/ssh/ssh.go | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/modules/ssh/ssh.go b/modules/ssh/ssh.go index 36a383fa8..30f4e84b0 100644 --- a/modules/ssh/ssh.go +++ b/modules/ssh/ssh.go @@ -21,6 +21,12 @@ import ( "code.gitea.io/gitea/modules/setting" ) +// environmentVariable will be used to parse environment variables from the SSH wire format. +type environmentVariable struct { + Name string + Value string +} + func cleanCommand(cmd string) string { i := strings.Index(cmd, "git") if i == -1 { @@ -48,16 +54,14 @@ func handleServerConn(keyID string, chans <-chan ssh.NewChannel) { payload := cleanCommand(string(req.Payload)) switch req.Type { case "env": - args := strings.Split(strings.Replace(payload, "\x00", "", -1), "\v") - if len(args) != 2 { - log.Warn("SSH: Invalid env arguments: '%#v'", args) + env := environmentVariable{} + if err := ssh.Unmarshal(req.Payload, &env); err != nil { + log.Warn("SSH: Unable to parse environment variable: %v", err) continue } - args[0] = strings.TrimLeft(args[0], "\x04") - _, _, err := com.ExecCmdBytes("env", args[0]+"="+args[1]) - if err != nil { - log.Error(3, "env: %v", err) - return + if _, _, err = com.ExecCmdBytes("env", env.Name+"="+env.Value); err != nil { + log.Warn("SSH: Unable to set environment variable %v=%v: %v", env.Name, env.Value, err) + continue } case "exec": cmdName := strings.TrimLeft(payload, "'()")