summaryrefslogtreecommitdiff
path: root/scp.c
AgeCommit message (Collapse)Author
2018-06-04upstream: Apply umask to all incoming files and directories notdtucker@openbsd.org
just files. This makes sure it gets applied to directories too, and prevents a race where files get chmodded after creation. bz#2839, ok djm@ OpenBSD-Commit-ID: 3168ee6c7c39093adac4fd71039600cfa296203b
2018-04-10upstream: lots of typos in comments/docs. Patch from Karsten Weissdjm@openbsd.org
after checking with codespell tool (https://github.com/lucasdemarchi/codespell) OpenBSD-Commit-ID: 373222f12d7ab606598a2d36840c60be93568528
2018-02-10upstream commitdjm@openbsd.org
Disable RemoteCommand and RequestTTY in the ssh session started by scp. sftp is already doing this. From Camden Narzt via github; ok dtucker OpenBSD-Commit-ID: 59e2611141c0b2ee579c6866e8eb9d7d8217bc6b
2017-12-19upstream commitmillert@openbsd.org
Add helper function for uri handing in scp where a missing path simply means ".". Also fix exit code and add warnings when an invalid uri is encountered. OK otto@ OpenBSD-Commit-ID: 47dcf872380586dabf7fcc6e7baf5f8ad508ae1a
2017-10-23upstream commitmillert@openbsd.org
Add URI support to ssh, sftp and scp. For example ssh://user@host or sftp://user@host/path. The connection parameters described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since the ssh fingerprint format in the draft uses md5 with no way to specify the hash function type. OK djm@ Upstream-ID: 4ba3768b662d6722de59e6ecb00abf2d4bf9cacc
2017-06-01upstream commitderaadt@openbsd.org
Switch to recallocarray() for a few operations. Both growth and shrinkage are handled safely, and there also is no need for preallocation dances. Future changes in this area will be less error prone. Review and one bug found by markus Upstream-ID: 822d664d6a5a1d10eccb23acdd53578a679d5065
2017-05-08upstream commitjmc@openbsd.org
remove options -12 from usage(); Upstream-ID: db7ceef25132e63b50ed05289bf447fece1d1270
2017-05-01Wrap stdint.h in HAVE_STDINT_HDarren Tucker
2017-05-01upstream commitdjm@openbsd.org
exterminate the -1 flag from scp ok markus@ Upstream-ID: 26d247f7065da15056b209cef5f594ff591b89db
2017-04-28upstream commitmillert@openbsd.org
Avoid relying on implementation-specific behavior when detecting whether the timestamp or file size overflowed. If time_t and off_t are not either 32-bit or 64-bit scp will exit with an error. OK djm@ Upstream-ID: f31caae73ddab6df496b7bbbf7da431e267ad135
2017-04-28upstream commitmillert@openbsd.org
Avoid potential signed int overflow when parsing the file size. Use strtoul() instead of parsing manually. OK djm@ Upstream-ID: 1f82640861c7d905bbb05e7d935d46b0419ced02
2016-12-12Force Turkish locales back to C/POSIX; bz#2643Damien Miller
Turkish locales are unique in their handling of the letters 'i' and 'I' (yes, they are different letters) and OpenSSH isn't remotely prepared to deal with that. For now, the best we can do is to force OpenSSH to use the C/POSIX locale and try to preserve the UTF-8 encoding if possible. ok dtucker@
2016-09-12upstream commitderaadt@openbsd.org
Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then use those definitions rather than pulling <sys/param.h> and unknown namespace pollution. ok djm markus dtucker Upstream-ID: 712cafa816c9f012a61628b66b9fbd5687223fb8
2016-06-06upstream commitschwarze@openbsd.org
To prevent screwing up terminal settings when printing to the terminal, for ASCII and UTF-8, escape bytes not forming characters and bytes forming non-printable characters with vis(3) VIS_OCTAL. For other character sets, abort printing of the current string in these cases. In particular, * let scp(1) respect the local user's LC_CTYPE locale(1); * sanitize data received from the remote host; * sanitize filenames, usernames, and similar data even locally; * take character display widths into account for the progressmeter. This is believed to be sufficient to keep the local terminal safe on OpenBSD, but bad things can still happen on other systems with state-dependent locales because many places in the code print unencoded ASCII characters into the output stream. Using feedback from djm@ and martijn@, various aspects discussed with many others. deraadt@ says it should go in now, i probably already hesitated too long Upstream-ID: e66afbc94ee396ddcaffd433b9a3b80f387647e0
2016-03-04upstream commitdtucker@openbsd.org
Improve accuracy of reported transfer speeds by waiting for the ack from the other end. Pointed out by mmcc@, ok deraadt@ markus@ Upstream-ID: 99f1cf15c9a8f161086b814d414d862795ae153d
2015-11-28upstream commitderaadt@openbsd.org
pledge "stdio rpath wpath cpath fattr tty proc exec" except for the -p option (which sadly has insane semantics...) ok semarie dtucker Upstream-ID: 8854bbd58279abe00f6c33f8094bdc02c8c65059
2015-10-17upstream commitmmcc@openbsd.org
0 -> NULL when comparing with a char*. ok dtucker@, djm@. Upstream-ID: a928e9c21c0a9020727d99738ff64027c1272300
2015-04-29upstream commitderaadt@openbsd.org
rename xrealloc() to xreallocarray() since it follows that form. ok djm
2015-01-16upstream commitderaadt@openbsd.org
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
2014-07-02 - djm@cvs.openbsd.org 2014/06/24 02:21:01Damien Miller
[scp.c] when copying local->remote fails during read, don't send uninitialised heap to the remote end. Reported by Jann Horn
2013-11-21 - deraadt@cvs.openbsd.org 2013/11/20 20:53:10Damien Miller
[scp.c] unsigned casts for ctype macros where neccessary ok guenther millert markus
2013-07-18 - djm@cvs.openbsd.org 2013/06/22 06:31:57Damien Miller
[scp.c] improved time_t overflow check suggested by guenther@
2013-07-18 - djm@cvs.openbsd.org 2013/06/21 05:43:10Damien Miller
[scp.c] make this -Wsign-compare clean after time_t conversion
2013-07-18 - guenther@cvs.openbsd.org 2013/06/17 04:48:42Damien Miller
[scp.c] Handle time_t values as long long's when formatting them and when parsing them from remote servers. Improve error checking in parsing of 'T' lines. ok dtucker@ deraadt@
2013-06-06 - dtucker@cvs.openbsd.org 2013/06/04 19:12:23Darren Tucker
[scp.c] use MAXPATHLEN for buffer size instead of fixed value. ok markus
2013-06-02 - dtucker@cvs.openbsd.org 2013/06/01 20:59:25Darren Tucker
[scp.c sftp-client.c] Replace S_IWRITE, which isn't standardized, with S_IWUSR, which is. Patch from Nathan Osman via bz#2113. ok deraadt. (note: corrected bug number from 2085)
2013-06-02 - djm@cvs.openbsd.org 2013/05/17 00:13:13Darren Tucker
[xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c dns.c packet.c readpass.c authfd.c moduli.c] bye, bye xfree(); ok markus@
2013-05-16 - dtucker@cvs.openbsd.org 2013/05/16 09:08:41Darren Tucker
[log.c scp.c sshd.c serverloop.c schnorr.c sftp.c] Fix some "unused result" warnings found via clang and -portable. ok markus@
2013-03-20 - (djm) [configure.ac log.c scp.c sshconnect2.c openbsd-compat/vis.c]Damien Miller
[openbsd-compat/vis.h] FreeBSD's strnvis isn't compatible with OpenBSD's so mark it as broken. Patch from des AT des.no
2011-09-22 - djm@cvs.openbsd.org 2011/09/09 22:37:01Damien Miller
[scp.c] suppress adding '--' to remote commandlines when the first argument does not start with '-'. saves breakage on some difficult-to-upgrade embedded/router platforms; feedback & ok dtucker ok markus
2011-01-06 - jmc@cvs.openbsd.org 2010/12/09 14:13:33Damien Miller
[scp.1 scp.c] scp.1: grammer fix scp.c: add -3 to usage()
2011-01-06 - markus@cvs.openbsd.org 2010/12/08 22:46:03Damien Miller
[scp.1 scp.c] add a new -3 option to scp: Copies between two remote hosts are transferred through the local host. Without this option the data is copied directly between the two remote hosts. ok djm@ (bugzilla #1837)
2010-12-01 - djm@cvs.openbsd.org 2010/11/26 05:52:49Damien Miller
[scp.c] Pass through ssh command-line flags and options when doing remote-remote transfers, e.g. to enable agent forwarding which is particularly useful in this case; bz#1837 ok dtucker@
2010-09-24 - djm@cvs.openbsd.org 2010/09/22 22:58:51Damien Miller
[atomicio.c atomicio.h misc.c misc.h scp.c sftp-client.c] [sftp-client.h sftp.1 sftp.c] add an option per-read/write callback to atomicio factor out bandwidth limiting code from scp(1) into a generic bandwidth limiter that can be attached using the atomicio callback mechanism add a bandwidth limit option to sftp(1) using the above "very nice" markus@
2010-07-02 - millert@cvs.openbsd.org 2010/07/01 13:06:59Damien Miller
[scp.c] Fix a longstanding problem where if you suspend scp at the password/passphrase prompt the terminal mode is not restored. OK djm@
2010-01-08 - guenther@cvs.openbsd.org 2009/12/20 07:28:36Darren Tucker
[ssh.c sftp.c scp.c] When passing user-controlled options with arguments to other programs, pass the option and option argument as separate argv entries and not smashed into one (e.g., as -l foo and not -lfoo). Also, always pass a "--" argument to stop option parsing, so that a positional argument that starts with a '-' isn't treated as an option. This fixes some error cases as well as the handling of hostnames and filenames that start with a '-'. Based on a diff by halex@ ok halex@ djm@ deraadt@
2008-11-03 - stevesk@cvs.openbsd.org 2008/10/10 04:55:16Damien Miller
[scp.c] spelling in comment; ok djm@
2008-07-04 - (djm) [atomicio.c channels.c clientloop.c defines.h includes.h]Damien Miller
[packet.c scp.c serverloop.c sftp-client.c ssh-agent.c ssh-keyscan.c] [sshd.c] Explicitly handle EWOULDBLOCK wherever we handle EAGAIN, on some platforms (HP nonstop) it is a distinct errno; bz#1467 reported by sconeu AT yahoo.com; ok dtucker@
2008-06-14 - dtucker@cvs.openbsd.org 2008/06/13 18:55:22Darren Tucker
[scp.c] Prevent -Wsign-compare warnings on LP64 systems. bz #1192, ok deraadt@
2008-03-13 - (tim) [scp.c] Use poll.h if available, fall back to sys/poll.h if not. PatchTim Rice
by vinschen at redhat.com.
2008-02-29 - (dtucker) [scp.c] Include sys/poll.h inside HAVE_SYS_POLL_H.Darren Tucker
2008-01-01 - dtucker@cvs.openbsd.org 2008/01/01 09:06:39Darren Tucker
[scp.c] If scp -p encounters a pre-epoch timestamp, use the epoch which is as close as we can get given that it's used unsigned. Add a little debugging while there. bz #828, ok djm@
2007-12-02 - (dtucker) [scp.c] Update $OpenBSD tag missing from rev 1.175 and removeDarren Tucker
leftover debug code.
2007-10-26 - djm@cvs.openbsd.org 2007/10/24 03:44:02Damien Miller
[scp.c] factor out network read/write into an atomicio()-like function, and use it to handle short reads, apply bandwidth limits and update counters. make network IO non-blocking, so a small trickle of reads/writes has a chance of updating the progress meter; bz #799 ok dtucker@
2007-08-08 - sobrado@cvs.openbsd.org 2007/08/06 19:16:06Damien Miller
[scp.1 scp.c] the ellipsis is not an optional argument; while here, sync the usage and synopsis of commands lots of good ideas by jmc@ ok jmc@
2007-06-25 - djm@cvs.openbsd.org 2007/06/13 00:21:27Darren Tucker
[scp.c] don't ftruncate() non-regular files; bz#1236 reported by wood AT xmission.com; ok dtucker@
2007-06-13 - dtucker@cvs.openbsd.org 2007/06/12 13:54:28Darren Tucker
[scp.c] Encode filename with strnvis if the name contains a newline (which can't be represented in the scp protocol), from bz #891. ok markus@
2007-06-12 - djm@cvs.openbsd.org 2007/06/12 08:24:20Darren Tucker
[scp.c] make scp try to skip FIFOs rather than blocking when nothing is listening. depends on the platform supporting sane O_NONBLOCK semantics for open on FIFOs (apparently POSIX does not mandate this), which OpenBSD does. bz #856; report by cjwatson AT debian.org; ok markus@
2007-02-19 - djm@cvs.openbsd.org 2007/01/22 13:06:21Darren Tucker
[scp.c] fix detection of whether we should show progress meter or not: scp tested isatty(stderr) but wrote the progress meter to stdout. This patch makes it test stdout. bz#1265 reported by junkmail AT bitsculpture.com; of dtucker@
2006-08-05 - deraadt@cvs.openbsd.org 2006/08/03 03:34:42Damien Miller
[OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c] [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c] [auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c] [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ] [auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c] [buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c] [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c] [compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c] [groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c] [kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c] [key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c] [monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c] [monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c] [readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h] [serverloop.c session.c session.h sftp-client.c sftp-common.c] [sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c] [ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c] [ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c] [sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c] [uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h] [loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h] almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step NB. portable commit contains everything *except* removing includes.h, as that will take a fair bit more work as we move headers that are required for portability workarounds to defines.h. (also, this step wasn't "easy")