From e4bd42f98f7da0ac49cdea579d1e43be64c0621f Mon Sep 17 00:00:00 2001
From: Eelco Dolstra <edolstra@gmail.com>
Date: Fri, 11 Aug 2017 13:55:41 +0200
Subject: [PATCH] Disallow SSH host names starting with a dash

---
 src/libstore/ssh.cc | 11 +++++++++++
 src/libstore/ssh.hh |  9 +--------
 2 files changed, 12 insertions(+), 8 deletions(-)

diff --git a/src/libstore/ssh.cc b/src/libstore/ssh.cc
index 776ffdb83..7ff7a9bff 100644
--- a/src/libstore/ssh.cc
+++ b/src/libstore/ssh.cc
@@ -2,6 +2,17 @@
 
 namespace nix {
 
+SSHMaster::SSHMaster(const std::string & host, const std::string & keyFile, bool useMaster, bool compress, int logFD)
+    : host(host)
+    , keyFile(keyFile)
+    , useMaster(useMaster)
+    , compress(compress)
+    , logFD(logFD)
+{
+    if (host == "" || hasPrefix(host, "-"))
+        throw Error("invalid SSH host name '%s'", host);
+}
+
 void SSHMaster::addCommonSSHOpts(Strings & args)
 {
     for (auto & i : tokenizeString<Strings>(getEnv("NIX_SSHOPTS")))
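Review bot: The new host check in the `SSHMaster` constructor has no comment saying why a leading dash is rejected, so a later refactor could take it for an arbitrary restriction and drop it. I would put `// A host beginning with '-' would be read by ssh as a command-line option instead of a destination; reject it before it can reach the argument list.` above the `if`. The constructor can now throw `Error`, so the declaration in ssh.hh should say so too, for example `/* Throws Error if host is empty or starts with '-'. */`. The code that builds the ssh argument vector is outside this hunk; if it does not already place `--` before the host, doing so there would be a useful second layer, though that depends on the ssh implementation accepting it. Only `host` is checked here; `keyFile` is presumably passed as the value of an option, not as a bare argument, which is worth confirming at the call site.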
diff --git a/src/libstore/ssh.hh b/src/libstore/ssh.hh
index 18dea227a..1268e6d00 100644
--- a/src/libstore/ssh.hh
+++ b/src/libstore/ssh.hh
@@ -28,14 +28,7 @@ private:
 
 public:
 
-    SSHMaster(const std::string & host, const std::string & keyFile, bool useMaster, bool compress, int logFD = -1)
-        : host(host)
-        , keyFile(keyFile)
-        , useMaster(useMaster)
-        , compress(compress)
-        , logFD(logFD)
-    {
-    }
+    SSHMaster(const std::string & host, const std::string & keyFile, bool useMaster, bool compress, int logFD = -1);
 
     struct Connection
     {
-- 
GitLab