ssh: unban the use of pipe character in user@host:port string
This vulnerability was fixed by the previous patch and there were more ways
to exploit than using '|shellcmd'. So it doesn't make sense to reject only
pipe character.
Test cases are updated to actually try to exploit the bug. As the SSH bridge
of git/svn subrepos are not managed by our code, the tests for non-hg subrepos
are just removed.
This may be folded into the original patches.
#require killdaemons
= Test the known() protocol function =
Create a test repository:
$ hg init repo
$ cd repo
$ touch a ; hg add a ; hg ci -ma
$ touch b ; hg add b ; hg ci -mb
$ touch c ; hg add c ; hg ci -mc
$ hg log --template '{node}\n'
991a3460af53952d10ec8a295d3d2cc2e5fa9690
0e067c57feba1a5694ca4844f05588bb1bf82342
3903775176ed42b1458a6281db4a0ccf4d9f287a
$ cd ..
Test locally:
$ hg debugknown repo 991a3460af53952d10ec8a295d3d2cc2e5fa9690 0e067c57feba1a5694ca4844f05588bb1bf82342 3903775176ed42b1458a6281db4a0ccf4d9f287a
111
$ hg debugknown repo 000a3460af53952d10ec8a295d3d2cc2e5fa9690 0e067c57feba1a5694ca4844f05588bb1bf82342 0003775176ed42b1458a6281db4a0ccf4d9f287a
010
$ hg debugknown repo
Test via HTTP:
$ hg serve -R repo -p $HGPORT -d --pid-file=hg.pid -E error.log -A access.log
$ cat hg.pid >> $DAEMON_PIDS
$ hg debugknown http://localhost:$HGPORT/ 991a3460af53952d10ec8a295d3d2cc2e5fa9690 0e067c57feba1a5694ca4844f05588bb1bf82342 3903775176ed42b1458a6281db4a0ccf4d9f287a
111
$ hg debugknown http://localhost:$HGPORT/ 000a3460af53952d10ec8a295d3d2cc2e5fa9690 0e067c57feba1a5694ca4844f05588bb1bf82342 0003775176ed42b1458a6281db4a0ccf4d9f287a
010
$ hg debugknown http://localhost:$HGPORT/
$ cat error.log
$ killdaemons.py