5 files changed, 55 insertions, 82 deletions

diff --git a/ChangeLog b/ChangeLog
index 7712c31c9..b60dedef8 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -12,6 +12,10 @@
      [ssh.c]
      Fix debug call for port forwards; patch from pete at seebeyond.com,
      ok djm@ (ID sync only - change already in portable)
+   - djm@cvs.openbsd.org 2005/04/09 04:32:54
+     [misc.c misc.h tildexpand.c Makefile.in]
+     replace tilde_expand_filename with a simpler implementation, ahead of
+     more whacking; ok deraadt@
 
 20050524
  - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
@@ -2511,4 +2515,4 @@
    - (djm) Trim deprecated options from INSTALL. Mention UsePAM
    - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
 
-$Id: ChangeLog,v 1.3764 2005/05/26 02:01:22 djm Exp $
+$Id: ChangeLog,v 1.3765 2005/05/26 02:02:14 djm Exp $
diff --git a/Makefile.in b/Makefile.in
index 3351d64d5..b8a01d2f8 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -1,4 +1,4 @@
-# $Id: Makefile.in,v 1.271 2005/05/26 01:35:38 djm Exp $
+# $Id: Makefile.in,v 1.272 2005/05/26 02:02:15 djm Exp $
 
 # uncomment if you run a non bourne compatable shell. Ie. csh
 #SHELL = @SH@
@@ -67,7 +67,7 @@ LIBSSH_OBJS=acss.o authfd.o authfile.o bufaux.o buffer.o \
         cipher-bf1.o cipher-ctr.o cipher-3des1.o cleanup.o \
         compat.o compress.o crc32.o deattack.o fatal.o hostfile.o \
         log.o match.o moduli.o nchan.o packet.o \
-        readpass.o rsa.o tildexpand.o ttymodes.o xmalloc.o \
+        readpass.o rsa.o ttymodes.o xmalloc.o \
         atomicio.o key.o dispatch.o kex.o mac.o uidswap.o uuencode.o misc.o \
         monitor_fdpass.o rijndael.o ssh-dss.o ssh-rsa.o dh.o kexdh.o \
         kexgex.o kexdhc.o kexgexc.o scard.o msg.o progressmeter.o dns.o \
diff --git a/misc.c b/misc.c
index 7adbcea1c..4bc07a42a 100644
--- a/misc.c
+++ b/misc.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: misc.c,v 1.29 2005/03/10 22:01:05 deraadt Exp $");
+RCSID("$OpenBSD: misc.c,v 1.30 2005/04/09 04:32:54 djm Exp $");
 
 #include "misc.h"
 #include "log.h"
@@ -376,6 +376,51 @@ addargs(arglist *args, char *fmt, ...)
 }
 
 /*
+ * Expands tildes in the file name.  Returns data allocated by xmalloc.
+ * Warning: this calls getpw*.
+ */
+char *
+tilde_expand_filename(const char *filename, uid_t uid)
+{
+        const char *path;
+        char user[128], ret[MAXPATHLEN];
+        struct passwd *pw;
+        int len;
+
+        if (*filename != '~')
+                return (xstrdup(filename));
+        filename++;
+
+        path = strchr(filename, '/');
+        if (path != NULL && path > filename) {          /* ~user/path */
+                if (path - filename > sizeof(user) - 1)
+                        fatal("tilde_expand_filename: ~username too long");
+                memcpy(user, filename, path - filename);
+                user[path - filename] = '\0';
+                if ((pw = getpwnam(user)) == NULL)
+                        fatal("tilde_expand_filename: No such user %s", user);
+        } else if ((pw = getpwuid(uid)) == NULL)        /* ~/path */
+                fatal("tilde_expand_filename: No such uid %d", uid);
+
+        if (strlcpy(ret, pw->pw_dir, sizeof(ret)) >= sizeof(ret))
+                fatal("tilde_expand_filename: Path too long");
+
+        /* Make sure directory has a trailing '/' */
+        len = strlen(pw->pw_dir);
+        if ((len == 0 || pw->pw_dir[len - 1] != '/') &&
+            strlcat(ret, "/", sizeof(ret)) >= sizeof(ret))
+                fatal("tilde_expand_filename: Path too long");
+
+        /* Skip leading '/' from specified path */
+        if (path != NULL)
+                filename = path + 1;
+        if (strlcat(ret, filename, sizeof(ret)) >= sizeof(ret))
+                fatal("tilde_expand_filename: Path too long");
+
+        return (xstrdup(ret));
+}
+
+/*
  * Read an entire line from a public key file into a static buffer, discarding
  * lines that exceed the buffer size.  Returns 0 on success, -1 on failure.
  */
diff --git a/misc.h b/misc.h
index 8bbc87f0d..798d80fbf 100644
--- a/misc.h
+++ b/misc.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: misc.h,v 1.21 2005/03/01 10:09:52 djm Exp $   */
+/*      $OpenBSD: misc.h,v 1.22 2005/04/09 04:32:54 djm Exp $   */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -24,6 +24,7 @@ char	*hpdelim(char **);
 char    *cleanhostname(char *);
 char    *colon(char *);
 long     convtime(const char *);
+char    *tilde_expand_filename(const char *, uid_t);
 
 struct passwd *pwcopy(struct passwd *);
 
@@ -35,10 +36,6 @@ struct arglist {
 };
 void     addargs(arglist *, char *, ...) __attribute__((format(printf, 2, 3)));
 
-/* tildexpand.c */
-
-char    *tilde_expand_filename(const char *, uid_t);
-
 /* readpass.c */
 
 #define RP_ECHO                 0x0001
diff --git a/tildexpand.c b/tildexpand.c
deleted file mode 100644
index cedb653b2..000000000
--- a/tildexpand.c
+++ /dev/null
@@ -1,73 +0,0 @@
-/*
- * Author: Tatu Ylonen <ylo@cs.hut.fi>
- * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
- *                    All rights reserved
- *
- * As far as I am concerned, the code I have written for this software
- * can be used freely for any purpose.  Any derived versions of this
- * software must be clearly marked as such, and if the derived work is
- * incompatible with the protocol description in the RFC file, it must be
- * called by a name other than "ssh" or "Secure Shell".
- */
-
-#include "includes.h"
-RCSID("$OpenBSD: tildexpand.c,v 1.15 2004/05/21 08:43:03 markus Exp $");
-
-#include "xmalloc.h"
-#include "log.h"
-#include "misc.h"
-
-/*
- * Expands tildes in the file name.  Returns data allocated by xmalloc.
- * Warning: this calls getpw*.
- */
-char *
-tilde_expand_filename(const char *filename, uid_t my_uid)
-{
-        const char *cp;
-        u_int userlen;
-        char *expanded;
-        struct passwd *pw;
-        char user[100];
-        int len;
-
-        /* Return immediately if no tilde. */
-        if (filename[0] != '~')
-                return xstrdup(filename);
-
-        /* Skip the tilde. */
-        filename++;
-
-        /* Find where the username ends. */
-        cp = strchr(filename, '/');
-        if (cp)
-                userlen = cp - filename;        /* Something after username. */
-        else
-                userlen = strlen(filename);     /* Nothing after username. */
-        if (userlen == 0)
-                pw = getpwuid(my_uid);          /* Own home directory. */
-        else {
-                /* Tilde refers to someone elses home directory. */
-                if (userlen > sizeof(user) - 1)
-                        fatal("User name after tilde too long.");
-                memcpy(user, filename, userlen);
-                user[userlen] = 0;
-                pw = getpwnam(user);
-        }
-        if (!pw)
-                fatal("Unknown user %100s.", user);
-
-        /* If referring to someones home directory, return it now. */
-        if (!cp) {
-                /* Only home directory specified */
-                return xstrdup(pw->pw_dir);
-        }
-        /* Build a path combining the specified directory and path. */
-        len = strlen(pw->pw_dir) + strlen(cp + 1) + 2;
-        if (len > MAXPATHLEN)
-                fatal("Home directory too long (%d > %d", len-1, MAXPATHLEN-1);
-        expanded = xmalloc(len);
-        snprintf(expanded, len, "%s%s%s", pw->pw_dir,
-            strcmp(pw->pw_dir, "/") ? "/" : "", cp + 1);
-        return expanded;
-}