summaryrefslogtreecommitdiff
path: root/scp.c
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2017-10-04 11:23:58 +0100
committerColin Watson <cjwatson@debian.org>2017-10-04 11:23:58 +0100
commit62f54f20bf351468e0124f63cc2902ee40d9b0e9 (patch)
tree3e090f2711b94ca5029d3fa3e8047b1ed1448b1f /scp.c
parent6fabaf6fd9b07cc8bc6a17c9c4a5b76849cfc874 (diff)
parent66bf74a92131b7effe49fb0eefe5225151869dc5 (diff)
Import openssh_7.6p1.orig.tar.gz
Diffstat (limited to 'scp.c')
-rw-r--r--scp.c42
1 files changed, 28 insertions, 14 deletions
diff --git a/scp.c b/scp.c
index b4db85198..a533eb097 100644
--- a/scp.c
+++ b/scp.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: scp.c,v 1.187 2016/09/12 01:22:38 deraadt Exp $ */ 1/* $OpenBSD: scp.c,v 1.192 2017/05/31 09:15:42 deraadt Exp $ */
2/* 2/*
3 * scp - secure remote copy. This is basically patched BSD rcp which 3 * scp - secure remote copy. This is basically patched BSD rcp which
4 * uses ssh to do the data transfer (instead of using rcmd). 4 * uses ssh to do the data transfer (instead of using rcmd).
@@ -99,6 +99,9 @@
99#include <pwd.h> 99#include <pwd.h>
100#include <signal.h> 100#include <signal.h>
101#include <stdarg.h> 101#include <stdarg.h>
102#ifdef HAVE_STDINT_H
103#include <stdint.h>
104#endif
102#include <stdio.h> 105#include <stdio.h>
103#include <stdlib.h> 106#include <stdlib.h>
104#include <string.h> 107#include <string.h>
@@ -403,7 +406,11 @@ main(int argc, char **argv)
403 switch (ch) { 406 switch (ch) {
404 /* User-visible flags. */ 407 /* User-visible flags. */
405 case '1': 408 case '1':
409 fatal("SSH protocol v.1 is no longer supported");
410 break;
406 case '2': 411 case '2':
412 /* Ignored */
413 break;
407 case '4': 414 case '4':
408 case '6': 415 case '6':
409 case 'C': 416 case 'C':
@@ -915,6 +922,11 @@ rsource(char *name, struct stat *statp)
915 (void) response(); 922 (void) response();
916} 923}
917 924
925#define TYPE_OVERFLOW(type, val) \
926 ((sizeof(type) == 4 && (val) > INT32_MAX) || \
927 (sizeof(type) == 8 && (val) > INT64_MAX) || \
928 (sizeof(type) != 4 && sizeof(type) != 8))
929
918void 930void
919sink(int argc, char **argv) 931sink(int argc, char **argv)
920{ 932{
@@ -938,6 +950,9 @@ sink(int argc, char **argv)
938#define mtime tv[1] 950#define mtime tv[1]
939#define SCREWUP(str) { why = str; goto screwup; } 951#define SCREWUP(str) { why = str; goto screwup; }
940 952
953 if (TYPE_OVERFLOW(time_t, 0) || TYPE_OVERFLOW(off_t, 0))
954 SCREWUP("Unexpected off_t/time_t size");
955
941 setimes = targisdir = 0; 956 setimes = targisdir = 0;
942 mask = umask(0); 957 mask = umask(0);
943 if (!pflag) 958 if (!pflag)
@@ -996,8 +1011,7 @@ sink(int argc, char **argv)
996 ull = strtoull(cp, &cp, 10); 1011 ull = strtoull(cp, &cp, 10);
997 if (!cp || *cp++ != ' ') 1012 if (!cp || *cp++ != ' ')
998 SCREWUP("mtime.sec not delimited"); 1013 SCREWUP("mtime.sec not delimited");
999 if ((time_t)ull < 0 || 1014 if (TYPE_OVERFLOW(time_t, ull))
1000 (unsigned long long)(time_t)ull != ull)
1001 setimes = 0; /* out of range */ 1015 setimes = 0; /* out of range */
1002 mtime.tv_sec = ull; 1016 mtime.tv_sec = ull;
1003 mtime.tv_usec = strtol(cp, &cp, 10); 1017 mtime.tv_usec = strtol(cp, &cp, 10);
@@ -1009,8 +1023,7 @@ sink(int argc, char **argv)
1009 ull = strtoull(cp, &cp, 10); 1023 ull = strtoull(cp, &cp, 10);
1010 if (!cp || *cp++ != ' ') 1024 if (!cp || *cp++ != ' ')
1011 SCREWUP("atime.sec not delimited"); 1025 SCREWUP("atime.sec not delimited");
1012 if ((time_t)ull < 0 || 1026 if (TYPE_OVERFLOW(time_t, ull))
1013 (unsigned long long)(time_t)ull != ull)
1014 setimes = 0; /* out of range */ 1027 setimes = 0; /* out of range */
1015 atime.tv_sec = ull; 1028 atime.tv_sec = ull;
1016 atime.tv_usec = strtol(cp, &cp, 10); 1029 atime.tv_usec = strtol(cp, &cp, 10);
@@ -1043,10 +1056,15 @@ sink(int argc, char **argv)
1043 if (*cp++ != ' ') 1056 if (*cp++ != ' ')
1044 SCREWUP("mode not delimited"); 1057 SCREWUP("mode not delimited");
1045 1058
1046 for (size = 0; isdigit((unsigned char)*cp);) 1059 if (!isdigit((unsigned char)*cp))
1047 size = size * 10 + (*cp++ - '0'); 1060 SCREWUP("size not present");
1048 if (*cp++ != ' ') 1061 ull = strtoull(cp, &cp, 10);
1062 if (!cp || *cp++ != ' ')
1049 SCREWUP("size not delimited"); 1063 SCREWUP("size not delimited");
1064 if (TYPE_OVERFLOW(off_t, ull))
1065 SCREWUP("size out of range");
1066 size = (off_t)ull;
1067
1050 if ((strchr(cp, '/') != NULL) || (strcmp(cp, "..") == 0)) { 1068 if ((strchr(cp, '/') != NULL) || (strcmp(cp, "..") == 0)) {
1051 run_err("error: unexpected filename: %s", cp); 1069 run_err("error: unexpected filename: %s", cp);
1052 exit(1); 1070 exit(1);
@@ -1256,7 +1274,7 @@ void
1256usage(void) 1274usage(void)
1257{ 1275{
1258 (void) fprintf(stderr, 1276 (void) fprintf(stderr,
1259 "usage: scp [-12346BCpqrv] [-c cipher] [-F ssh_config] [-i identity_file]\n" 1277 "usage: scp [-346BCpqrv] [-c cipher] [-F ssh_config] [-i identity_file]\n"
1260 " [-l limit] [-o ssh_option] [-P port] [-S program]\n" 1278 " [-l limit] [-o ssh_option] [-P port] [-S program]\n"
1261 " [[user@]host1:]file1 ... [[user@]host2:]file2\n"); 1279 " [[user@]host1:]file1 ... [[user@]host2:]file2\n");
1262 exit(1); 1280 exit(1);
@@ -1350,11 +1368,7 @@ allocbuf(BUF *bp, int fd, int blksize)
1350#endif /* HAVE_STRUCT_STAT_ST_BLKSIZE */ 1368#endif /* HAVE_STRUCT_STAT_ST_BLKSIZE */
1351 if (bp->cnt >= size) 1369 if (bp->cnt >= size)
1352 return (bp); 1370 return (bp);
1353 if (bp->buf == NULL) 1371 bp->buf = xrecallocarray(bp->buf, bp->cnt, size, 1);
1354 bp->buf = xmalloc(size);
1355 else
1356 bp->buf = xreallocarray(bp->buf, 1, size);
1357 memset(bp->buf, 0, size);
1358 bp->cnt = size; 1372 bp->cnt = size;
1359 return (bp); 1373 return (bp);
1360} 1374}
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-06 10:05:23 +0000