- guenther@cvs.openbsd.org 2009/12/20 07:28:36

     [ssh.c sftp.c scp.c]
     When passing user-controlled options with arguments to other programs,
     pass the option and option argument as separate argv entries and
     not smashed into one (e.g., as -l foo and not -lfoo).  Also, always
     pass a "--" argument to stop option parsing, so that a positional
     argument that starts with a '-' isn't treated as an option.  This
     fixes some error cases as well as the handling of hostnames and
     filenames that start with a '-'.
     Based on a diff by halex@
     ok halex@ djm@ deraadt@

1 files changed, 4 insertions, 2 deletions

diff --git a/sftp.c b/sftp.c
index 1aa37423c..d8728cc25 100644
--- a/sftp.c
+++ b/sftp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp.c,v 1.114 2009/12/06 23:53:54 dtucker Exp $ */
+/* $OpenBSD: sftp.c,v 1.115 2009/12/20 07:28:36 guenther Exp $ */
 /*
  * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
  *
@@ -1809,7 +1809,8 @@ main(int argc, char **argv)
                                 fprintf(stderr, "Missing username\n");
                                 usage();
                         }
-                        addargs(&args, "-l%s", userhost);
+                        addargs(&args, "-l");
+                        addargs(&args, "%s", userhost);
                 }
 
                 if ((cp = colon(host)) != NULL) {
@@ -1829,6 +1830,7 @@ main(int argc, char **argv)
                 if (sftp_server == NULL || strchr(sftp_server, '/') == NULL)
                         addargs(&args, "-s");
 
+                addargs(&args, "--");
                 addargs(&args, "%s", host);
                 addargs(&args, "%s", (sftp_server != NULL ?
                     sftp_server : "sftp"));