USEFULL
/
gogs
mirror of https://github.com/gogs/gogs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

ssh: make `env` command a passthrough (#7868) 

## Describe the pull request

Fixes
https://github.com/gogs/gogs/security/advisories/GHSA-vm62-9jw3-c8w3
pull/7869/head
Joe Chen 2024-12-22 14:56:31 -05:00 committed by GitHub
parent fb7812b194
commit 009a1855aa
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 8 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
internal/database/ssh_key.go
View File

@ -447,8 +447,9 @@ func GetPublicKeyByID(keyID int64) (*PublicKey, error) {
return key, nil return key, nil
} }
// SearchPublicKeyByContent searches content as prefix (leak e-mail part) // SearchPublicKeyByContent searches a public key using the content as prefix
// and returns public key found. // (i.e. ignore the email part). It returns ErrKeyNotExist if no such key
// exists.
func SearchPublicKeyByContent(content string) (*PublicKey, error) { func SearchPublicKeyByContent(content string) (*PublicKey, error) {
key := new(PublicKey) key := new(PublicKey)
has, err := x.Where("content like ?", content+"%").Get(key) has, err := x.Where("content like ?", content+"%").Get(key)

27
internal/ssh/ssh.go
View File

@ -6,7 +6,6 @@ package ssh
import ( import (
"context" "context"
"fmt"
"io" "io"
"net" "net"
"os" "os"
@ -55,26 +54,8 @@ func handleServerConn(keyID string, chans <-chan ssh.NewChannel) {
payload := cleanCommand(string(req.Payload)) payload := cleanCommand(string(req.Payload))
switch req.Type { switch req.Type {
case "env": case "env":
var env struct { // We only need to accept the request and do nothing since whatever environment
Name string // variables being set here won't be used in subsequent commands anyway.
Value string
}
if err := ssh.Unmarshal(req.Payload, &env); err != nil {
log.Warn("SSH: Invalid env payload %q: %v", req.Payload, err)
continue
}
// Sometimes the client could send malformed command (i.e. missing "="),
// see https://discuss.gogs.io/t/ssh/3106.
if env.Name == "" || env.Value == "" {
log.Warn("SSH: Invalid env arguments: %+v", env)
continue
}
_, stderr, err := com.ExecCmd("env", fmt.Sprintf("%s=%s", env.Name, env.Value))
if err != nil {
log.Error("env: %v - %s", err, stderr)
return
}
case "exec": case "exec":
cmdName := strings.TrimLeft(payload, "'()") cmdName := strings.TrimLeft(payload, "'()")
@ -175,7 +156,9 @@ func Listen(opts conf.SSHOpts, appDataPath string) {
PublicKeyCallback: func(conn ssh.ConnMetadata, key ssh.PublicKey) (*ssh.Permissions, error) { PublicKeyCallback: func(conn ssh.ConnMetadata, key ssh.PublicKey) (*ssh.Permissions, error) {
pkey, err := database.SearchPublicKeyByContent(strings.TrimSpace(string(ssh.MarshalAuthorizedKey(key)))) pkey, err := database.SearchPublicKeyByContent(strings.TrimSpace(string(ssh.MarshalAuthorizedKey(key))))
if err != nil { if err != nil {
log.Error("SearchPublicKeyByContent: %v", err) if !database.IsErrKeyNotExist(err) {
log.Error("SearchPublicKeyByContent: %v", err)
}
return nil, err return nil, err
} }
return &ssh.Permissions{Extensions: map[string]string{"key-id": com.ToStr(pkey.ID)}}, nil return &ssh.Permissions{Extensions: map[string]string{"key-id": com.ToStr(pkey.ID)}}, nil