authorColin Watson <cjwatson@debian.org>2010-01-01 23:53:30 +0000
committerColin Watson <cjwatson@debian.org>2010-01-01 23:53:30 +0000
commitdf03186a4f9e0c2ece398b5c0571cb6263d7a752 (patch)
tree1aab079441dff9615274769b19f2d734ddf508dd /sftp.c
parent6ad6994c288662fca6949f42bf91fec2aff00bca (diff)
parent99b402ea4c8457b0a3cafff37f5b3410a8dc6476 (diff)
* New upstream release (closes: #536182). Yes, I know 5.3p1 has been out
for a while, but there's no GSSAPI patch available for it yet. - Change the default cipher order to prefer the AES CTR modes and the revised "arcfour256" mode to CBC mode ciphers that are susceptible to CPNI-957037 "Plaintext Recovery Attack Against SSH". - Add countermeasures to mitigate CPNI-957037-style attacks against the SSH protocol's use of CBC-mode ciphers. Upon detection of an invalid packet length or Message Authentication Code, ssh/sshd will continue reading up to the maximum supported packet length rather than immediately terminating the connection. This eliminates most of the known differences in behaviour that leaked information about the plaintext of injected data which formed the basis of this attack (closes: #506115, LP: #379329). - ForceCommand directive now accepts commandline arguments for the internal-sftp server (closes: #524423, LP: #362511). - Add AllowAgentForwarding to available Match keywords list (closes: #540623). - Make ssh(1) send the correct channel number for SSH2_MSG_CHANNEL_SUCCESS and SSH2_MSG_CHANNEL_FAILURE messages to avoid triggering 'Non-public channel' error messages on sshd(8) in openssh-5.1. - Avoid printing 'Non-public channel' warnings in sshd(8), since the ssh(1) has sent incorrect channel numbers since ~2004 (this reverts a behaviour introduced in openssh-5.1; closes: #496017). * Update to GSSAPI patch from http://www.sxw.org.uk/computing/patches/openssh-5.2p1-gsskex-all-20090726.patch, including cascading credentials support (LP: #416958).
Diffstat (limited to 'sftp.c')
-rw-r--r--sftp.c81
1 files changed, 42 insertions, 39 deletions
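--- a/sftp.c
+++ b/sftp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp.c,v 1.103 2008/07/13 22:16:03 djm Exp $ */
+/* $OpenBSD: sftp.c,v 1.107 2009/02/02 11:15:14 dtucker Exp $ */
 /*
  * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
  *
@@ -207,36 +207,37 @@ cmd_interrupt(int signo)
 static void
 help(void)
 {
- printf("Available commands:\n");
- printf("cd path Change remote directory to 'path'\n");
- printf("lcd path Change local directory to 'path'\n");
- printf("chgrp grp path Change group of file 'path' to 'grp'\n");
- printf("chmod mode path Change permissions of file 'path' to 'mode'\n");
- printf("chown own path Change owner of file 'path' to 'own'\n");
- printf("df [path] Display statistics for current directory or\n");
- printf(" filesystem containing 'path'\n");
- printf("help Display this help text\n");
- printf("get remote-path [local-path] Download file\n");
- printf("lls [ls-options [path]] Display local directory listing\n");
- printf("ln oldpath newpath Symlink remote file\n");
- printf("lmkdir path Create local directory\n");
- printf("lpwd Print local working directory\n");
- printf("ls [path] Display remote directory listing\n");
- printf("lumask umask Set local umask to 'umask'\n");
- printf("mkdir path Create remote directory\n");
- printf("progress Toggle display of progress meter\n");
- printf("put local-path [remote-path] Upload file\n");
- printf("pwd Display remote working directory\n");
- printf("exit Quit sftp\n");
- printf("quit Quit sftp\n");
- printf("rename oldpath newpath Rename remote file\n");
- printf("rmdir path Remove remote directory\n");
- printf("rm path Delete remote file\n");
- printf("symlink oldpath newpath Symlink remote file\n");
- printf("version Show SFTP version\n");
- printf("!command Execute 'command' in local shell\n");
- printf("! Escape to local shell\n");
- printf("? Synonym for help\n");
+ printf("Available commands:\n"
+ "bye Quit sftp\n"
+ "cd path Change remote directory to 'path'\n"
+ "chgrp grp path Change group of file 'path' to 'grp'\n"
+ "chmod mode path Change permissions of file 'path' to 'mode'\n"
+ "chown own path Change owner of file 'path' to 'own'\n"
+ "df [-hi] [path] Display statistics for current directory or\n"
+ " filesystem containing 'path'\n"
+ "exit Quit sftp\n"
+ "get [-P] remote-path [local-path] Download file\n"
+ "help Display this help text\n"
+ "lcd path Change local directory to 'path'\n"
+ "lls [ls-options [path]] Display local directory listing\n"
+ "lmkdir path Create local directory\n"
+ "ln oldpath newpath Symlink remote file\n"
+ "lpwd Print local working directory\n"
+ "ls [-1aflnrSt] [path] Display remote directory listing\n"
+ "lumask umask Set local umask to 'umask'\n"
+ "mkdir path Create remote directory\n"
+ "progress Toggle display of progress meter\n"
+ "put [-P] local-path [remote-path] Upload file\n"
+ "pwd Display remote working directory\n"
+ "quit Quit sftp\n"
+ "rename oldpath newpath Rename remote file\n"
+ "rm path Delete remote file\n"
+ "rmdir path Remove remote directory\n"
+ "symlink oldpath newpath Symlink remote file\n"
+ "version Show SFTP version\n"
+ "!command Execute 'command' in local shell\n"
+ "! Escape to local shell\n"
+ "? Synonym for help\n");
 }
 
 static void
@@ -1234,8 +1235,8 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd,
  int err_abort)
 {
  char *path1, *path2, *tmp;
- int pflag, lflag, iflag, hflag, cmdnum, i;
- unsigned long n_arg;
+ int pflag = 0, lflag = 0, iflag = 0, hflag = 0, cmdnum, i;
+ unsigned long n_arg = 0;
  Attrib a, *aa;
  char path_buf[MAXPATHLEN];
  int err = 0;
@@ -1386,17 +1387,19 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd,
  remote_glob(conn, path1, GLOB_NOCHECK, NULL, &g);
  for (i = 0; g.gl_pathv[i] && !interrupted; i++) {
  if (!(aa = do_stat(conn, g.gl_pathv[i], 0))) {
- if (err != 0 && err_abort)
+ if (err_abort) {
+ err = -1;
  break;
- else
+ } else
  continue;
  }
  if (!(aa->flags & SSH2_FILEXFER_ATTR_UIDGID)) {
  error("Can't get current ownership of "
  "remote file \"%s\"", g.gl_pathv[i]);
- if (err != 0 && err_abort)
+ if (err_abort) {
+ err = -1;
  break;
- else
+ } else
  continue;
  }
  aa->flags &= SSH2_FILEXFER_ATTR_UIDGID;
@@ -1668,8 +1671,8 @@ usage(void)
  "usage: %s [-1Cv] [-B buffer_size] [-b batchfile] [-F ssh_config]\n"
  " [-o ssh_option] [-P sftp_server_path] [-R num_requests]\n"
  " [-S program] [-s subsystem | sftp_server] host\n"
- " %s [[user@]host[:file [file]]]\n"
- " %s [[user@]host[:dir[/]]]\n"
+ " %s [user@]host[:file ...]\n"
+ " %s [user@]host[:dir[/]]\n"
  " %s -b batchfile [user@]host\n", __progname, __progname, __progname, __progname);
  exit(1);
 }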
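Review bot: In the ownership-change loop of parse_dispatch_command (new lines 1390–1394 and again 1399–1403) the error branch is written as `if (err_abort) { err = -1; break; } else continue;`, with one arm braced and the other not. Since `break` already leaves the loop, the `else` can go: `if (err_abort) { err = -1; break; }` followed by a plain `continue;` reads unambiguously and is harder to break in a later edit to the abort path, which is the path unattended batch runs depend on to stop at the first failed ownership change. The do_stat failure branch logs nothing at this site, so it presumably relies on do_stat (called with 0 as its last argument) to report the error; a one-line comment such as `/* do_stat() has already reported the failure */` would make that explicit once confirmed. The loop and the function both continue outside the hunk, so how `err` is consumed after the loop cannot be checked from here.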