Index: subversion/libsvn_ra_svn/client.c =================================================================== --- subversion/libsvn_ra_svn/client.c (revision 1803926) +++ subversion/libsvn_ra_svn/client.c (working copy) @@ -46,6 +46,7 @@ #include "svn_props.h" #include "svn_mergeinfo.h" #include "svn_version.h" +#include "svn_ctype.h" #include "svn_private_config.h" @@ -395,7 +396,7 @@ * versions have it too. If the user is using some other ssh * implementation that doesn't accept it, they can override it * in the [tunnels] section of the config. */ - val = "$SVN_SSH ssh -q"; + val = "$SVN_SSH ssh -q --"; } if (!val || !*val) @@ -435,7 +436,7 @@ ; *argv = apr_palloc(pool, (n + 4) * sizeof(char *)); memcpy((void *) *argv, cmd_argv, n * sizeof(char *)); - (*argv)[n++] = svn_path_uri_decode(hostinfo, pool); + (*argv)[n++] = hostinfo; (*argv)[n++] = "svnserve"; (*argv)[n++] = "-t"; (*argv)[n] = NULL; @@ -716,7 +717,33 @@ } +/* A simple whitelist to ensure the following are valid: + * user@server + * [::1]:22 + * server-name + * server_name + * 127.0.0.1 + * with an extra restriction that a leading '-' is invalid. + */ +static svn_boolean_t +is_valid_hostinfo(const char *hostinfo) +{ + const char *p = hostinfo; + if (p[0] == '-') + return FALSE; + + while (*p) + { + if (!svn_ctype_isalnum(*p) && !strchr(":.-_[]@", *p)) + return FALSE; + + ++p; + } + + return TRUE; +} + static svn_error_t *ra_svn_open(svn_ra_session_t *session, const char **corrected_url, const char *url, @@ -740,8 +767,17 @@ parse_tunnel(url, &tunnel, pool); if (tunnel) - SVN_ERR(find_tunnel_agent(tunnel, uri.hostinfo, &tunnel_argv, config, - pool)); + { + const char *decoded_hostinfo; + + decoded_hostinfo = svn_path_uri_decode(uri.hostinfo, pool); + if (!is_valid_hostinfo(decoded_hostinfo)) + return svn_error_createf(SVN_ERR_BAD_URL, NULL, _("Invalid host '%s'"), + uri.hostinfo); + + SVN_ERR(find_tunnel_agent(tunnel, decoded_hostinfo, &tunnel_argv, + config, pool)); + } else tunnel_argv = NULL; Index: subversion/libsvn_subr/config_file.c =================================================================== --- subversion/libsvn_subr/config_file.c (revision 1803926) +++ subversion/libsvn_subr/config_file.c (working copy) @@ -1134,12 +1134,12 @@ "### passed to the tunnel agent as @.) If the" NL "### built-in ssh scheme were not predefined, it could be defined" NL "### as:" NL - "# ssh = $SVN_SSH ssh -q" NL + "# ssh = $SVN_SSH ssh -q --" NL "### If you wanted to define a new 'rsh' scheme, to be used with" NL "### 'svn+rsh:' URLs, you could do so as follows:" NL - "# rsh = rsh" NL + "# rsh = rsh --" NL "### Or, if you wanted to specify a full path and arguments:" NL - "# rsh = /path/to/rsh -l myusername" NL + "# rsh = /path/to/rsh -l myusername --" NL "### On Windows, if you are specifying a full path to a command," NL "### use a forward slash (/) or a paired backslash (\\\\) as the" NL "### path separator. A single backslash will be treated as an" NL