[jgit PATCH] Paper bag fix quoting for SSH transport commands

Not all Git-over-SSH servers run a Bourne shell on the remote side
to evaluate the command we are sending.  Some servers run git-shell,
which will fail to execute git-upload-pack if we feed it a quoted
string for the name git-upload-pack.

Testing concludes that git-shell requires the command name to never
be quoted, and the argument name to always be single quoted.  As
this is a long-standing behavior in the wild, jgit needs to conform,
as git-shell and all git-shell work-a-likes such as gitosis may be
following the same convention.

Signed-off-by: Shawn O. Pearce <spearce@xxxxxxxxxxx>
---

 If there are no arguments I'll push this into the public tree.
 It seems right on the surface, and is necessary to use jgit against
 repo.or.cz, and probably many other sites like it.

 .../spearce/jgit/transport/TransportGitSsh.java    |   22 ++++++++++++++++++-
 1 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/org.spearce.jgit/src/org/spearce/jgit/transport/TransportGitSsh.java b/org.spearce.jgit/src/org/spearce/jgit/transport/TransportGitSsh.java
index d31c525..8944df7 100644
--- a/org.spearce.jgit/src/org/spearce/jgit/transport/TransportGitSsh.java
+++ b/org.spearce.jgit/src/org/spearce/jgit/transport/TransportGitSsh.java
@@ -88,6 +88,24 @@ class TransportGitSsh extends PackTransport {
 		return new SshFetchConnection();
 	}
 
+	private static void sqMinimal(final StringBuilder cmd, final String val) {
+		if (val.matches("^[a-zA-Z0-9._/-]*$")) {
+			// If the string matches only generally safe characters
+			// that the shell is not going to evaluate specially we
+			// should leave the string unquoted. Not all systems
+			// actually run a shell and over-quoting confuses them
+			// when it comes to the command name.
+			//
+			cmd.append(val);
+		} else {
+			sq(cmd, val);
+		}
+	}
+
+	private static void sqAlways(final StringBuilder cmd, final String val) {
+		sq(cmd, val);
+	}
+
 	private static void sq(final StringBuilder cmd, final String val) {
 		int i = 0;
 
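
Review bot: The whitelist in sqMinimal() uses `*`, so an empty `val` matches `^[a-zA-Z0-9._/-]*$` and is appended as nothing at all instead of as a quoted empty string; `+` would send the empty case through sq(). String.matches() already tests the whole input, so the `^` and `$` anchors are redundant, and the pattern is recompiled on every call where a static final Pattern would do. sqAlways() only forwards to sq(); a one-line comment saying it exists to make the call site's intent explicit would save the next reader from wondering why there are two names.
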
@@ -157,9 +175,9 @@ class TransportGitSsh extends PackTransport {
 				path = (uri.getPath().substring(1));
 
 			final StringBuilder cmd = new StringBuilder();
-			sq(cmd, exe);
+			sqMinimal(cmd, exe);
 			cmd.append(' ');
-			sq(cmd, path);
+			sqAlways(cmd, path);
 			channel.setCommand(cmd.toString());
 			channel.setErrStream(System.err);
 			channel.connect();
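
Review bot: The call site gives no reason why `exe` and `path` are now quoted differently; a short comment above `sqMinimal(cmd, exe);` recording the git-shell convention from the commit message (command name never quoted, argument always single quoted) would keep someone from "simplifying" this back to two sq() calls. Also note that an `exe` containing any character outside the whitelist still falls through to sq() and gets quoted, which by the commit message's own testing git-shell will refuse to execute, so that case probably deserves a comment or an explicit error rather than a silent fallback.
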
-- 
1.5.6.74.g8a5e