From 51b502fbf0ab1b4a81bf8062d300424305f0fe1e Mon Sep 17 00:00:00 2001
From: Guillaume Chazarain <guichaz@gmail.com>
Date: Mon, 19 May 2008 23:11:56 +0200
Subject: [PATCH] Somewhat protect the stdin, be sure we read what has been
 sent by gsh, and not some garbage entered by the user.

---
 TODO                 |  2 --
 gsh/file_transfer.py |  2 +-
 gsh/pity.py          | 27 ++++++++++++++++++++++-----
 3 files changed, 23 insertions(+), 8 deletions(-)

diff --git a/TODO b/TODO
index 37c4420..f942cb4 100644
--- a/TODO
+++ b/TODO
@@ -1,5 +1,3 @@
 o "(yes date | head -n 1000; echo ps) | ./gsh.py --ssh='bash;:' dummy" does not
 terminate because of the readline usage in bash.
 o :upload => dummy remote_dispatcher for /bin/sh, trigger tar c .. & pity.py replicate
-o pity: better Ctrl-C handling
-o pity: be sure to not read user submitted data on stdin, add a trigger around the input
diff --git a/gsh/file_transfer.py b/gsh/file_transfer.py
index fa60348..65e9e55 100644
--- a/gsh/file_transfer.py
+++ b/gsh/file_transfer.py
@@ -61,7 +61,7 @@ def base64version():
 
 def file_transfer_cb(dispatcher, host_port):
     previous_shell = get_previous_shell(dispatcher)
-    previous_shell.dispatch_write(host_port + '\n')
+    previous_shell.dispatch_write(pity.STDIN_PREFIX + host_port + '\n')
 
 def get_infos():
     """Returns (first, last)"""
diff --git a/gsh/pity.py b/gsh/pity.py
index 100f48e..24620ac 100644
--- a/gsh/pity.py
+++ b/gsh/pity.py
@@ -31,6 +31,10 @@ import time
 from threading import Event, Thread
 from Queue import Queue
 
+# Somewhat protect the stdin, be sure we read what has been sent by gsh, and
+# not some garbage entered by the user.
+STDIN_PREFIX = '!?#%!'
+
 UNITS = ['B', 'KiB', 'MiB', 'GiB', 'TiB', 'PiB', 'EiB']
 
 def human_unit(size):
@@ -125,6 +129,18 @@ def init_listening_socket(gsh_prefix):
     print '%s%s:%s' % (prefix, host, port)
     return s
 
+def read_line():
+    line = ''
+    while 1:
+        c = os.read(sys.stdin.fileno(), 1)
+        if c == '\n':
+            break
+        line = line + c
+        if len(line) > 1024:
+            print 'Received input is too large'
+            sys.exit(1)
+    return line
+
 def get_destination():
     fd = sys.stdin.fileno()
     old_settings = termios.tcgetattr(fd)
@@ -132,12 +148,13 @@ def get_destination():
     new_settings[3] = new_settings[3] & ~2 # 3:lflags 2:ICANON
     new_settings[6][6] = '\000' # Set VMIN to zero for lookahead only
     termios.tcsetattr(fd, 1, new_settings) # 1:TCSADRAIN
-    line = ''
-    while 1:
-        c = os.read(sys.stdin.fileno(), 1)
-        if c == '\n':
+    while True:
+        line = read_line()
+        start = string.find(line, STDIN_PREFIX)
+        if start >= 0:
+            line = line[start + len(STDIN_PREFIX):]
             break
-        line = line + c
+
     termios.tcsetattr(fd, 1, old_settings) # 1:TCSADRAIN
     split = string.split(line, ':', 1)
     host = split[0]
-- 
2.11.4.GIT