From 5deffee3cff5f9a13c59b8c1e357c5a32487d1c3 Mon Sep 17 00:00:00 2001
From: Sitaram Chamarty <sitaram@atc.tcs.com>
Date: Fri, 9 Apr 2010 16:48:46 +0530
Subject: [PATCH] security: gitolite admin can get shell access by using screwy
 pubkey name

example: keydir/sitaram@$(some-dangerous-command; echo hi).pub

(still won't get the reward; that is only if a non-admin user gets
privs!)
---
 src/gl-compile-conf | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/gl-compile-conf b/src/gl-compile-conf
index 575ee61fd..1fb942bef 100755
--- a/src/gl-compile-conf
+++ b/src/gl-compile-conf
@@ -511,6 +511,12 @@ print $newkeys_fh "# gitolite start\n";
 wrap_chdir($GL_KEYDIR);
 for my $pubkey (glob("*"))
 {
+    # security check (thanks to divVerent for catching this)
+    unless ($pubkey =~ $USERNAME_PATT) {
+        print STDERR "$pubkey contains some unsavoury characters; ignored...\n";
+        next;
+    }
+
     # lint check 1
     unless ($pubkey =~ /\.pub$/)
     {