From 2703ad402cb306b67cc0c96adfbd5335f0aff943 Mon Sep 17 00:00:00 2001 From: Ian Jackson Date: Thu, 30 Oct 2014 00:38:04 +0000 Subject: [PATCH] Add `: dgit ... ;' to the front of ssh remote commands, for the benefit of forced command wrappers --- debian/changelog | 4 ++++ dgit | 16 ++++++++++------ 2 files changed, 14 insertions(+), 6 deletions(-) diff --git a/debian/changelog b/debian/changelog index 9a3d7443..cc027789 100644 --- a/debian/changelog +++ b/debian/changelog @@ -14,6 +14,10 @@ dgit (0.23~) unstable; urgency=low * Distro access configuration handling changes (should not be noticeable to most users). + * Add :..; prefix to ssh remote commands, for the benefit of future + forced command wrappers. Implicitly, this defines a new ssh-based + command protocol. + -- dgit (0.22.1) unstable; urgency=high diff --git a/dgit b/dgit index 3c311400..6e175ad2 100755 --- a/dgit +++ b/dgit @@ -819,8 +819,8 @@ sub canonicalise_suite_madison { return $r[0][2]; } -sub sshpsql ($$) { - my ($data,$sql) = @_; +sub sshpsql ($$$) { + my ($data,$runeinfo,$sql) = @_; if (!length $data) { $data= access_someuserhost('sshpsql').':'. access_cfg('sshpsql-dbname'); @@ -829,7 +829,9 @@ sub sshpsql ($$) { my ($userhost,$dbname) = ($`,$'); #'; my @rows; my @cmd = (access_cfg_ssh, $userhost, - "export LANG=C; ".shellquote qw(psql -A), $dbname, qw(-c), $sql); + ": dgit ssh-psql $runeinfo ;". + " export LANG=C;". + " ".shellquote qw(psql -A), $dbname, qw(-c), $sql); printcmd(\*DEBUG,$debugprefix."|",@cmd) if $debug>0; open P, "-|", @cmd or die $!; while (

) { @@ -849,13 +851,13 @@ sub sshpsql ($$) { } sub sql_injection_check { - foreach (@_) { die "$_ $& ?" if m/[']/; } + foreach (@_) { die "$_ $& ?" if m{[^-+=:_.,/0-9a-zA-Z]}; } } sub archive_query_sshpsql ($$) { my ($proto,$data) = @_; sql_injection_check $isuite, $package; - my @rows = sshpsql($data, <