From 0af2405ebf4d4c3b420740f0fb5b81aca7039bdc Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 5 Oct 2012 10:41:25 +1000 Subject: - (dtucker) OpenBSD CVS Sync - djm@cvs.openbsd.org 2012/09/17 09:54:44 [sftp.c] an XXX for later --- sftp.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'sftp.c') diff --git a/sftp.c b/sftp.c index 235c6ad04..217b63a2d 100644 --- a/sftp.c +++ b/sftp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp.c,v 1.136 2012/06/22 14:36:33 dtucker Exp $ */ +/* $OpenBSD: sftp.c,v 1.137 2012/09/17 09:54:44 djm Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * @@ -1917,6 +1917,7 @@ interactive_loop(struct sftp_conn *conn, char *file1, char *file2) return (-1); } } else { + /* XXX this is wrong wrt quoting */ if (file2 == NULL) snprintf(cmd, sizeof cmd, "get %s", dir); else -- cgit v1.2.3 From 063018d9f6f7beb1408213fc27c720534e7c987e Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 5 Oct 2012 10:43:58 +1000 Subject: - dtucker@cvs.openbsd.org 2012/09/18 10:36:12 [sftp.c] Add bounds check on sftp tab-completion. Part of a patch from from Jean-Marc Robert via tech@, ok djm --- ChangeLog | 4 ++++ sftp.c | 6 +++++- 2 files changed, 9 insertions(+), 1 deletion(-) (limited to 'sftp.c') diff --git a/ChangeLog b/ChangeLog index 11e7a92bd..6341bd564 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,10 @@ - markus@cvs.openbsd.org 2012/09/17 13:04:11 [packet.c] clear old keys on rekeing; ok djm + - dtucker@cvs.openbsd.org 2012/09/18 10:36:12 + [sftp.c] + Add bounds check on sftp tab-completion. Part of a patch from from + Jean-Marc Robert via tech@, ok djm 20120917 - (dtucker) OpenBSD CVS Sync diff --git a/sftp.c b/sftp.c index 217b63a2d..3c7bc64e1 100644 --- a/sftp.c +++ b/sftp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp.c,v 1.137 2012/09/17 09:54:44 djm Exp $ */ +/* $OpenBSD: sftp.c,v 1.138 2012/09/18 10:36:12 dtucker Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * @@ -991,6 +991,10 @@ makeargv(const char *arg, int *argcp, int sloppy, char *lastquote, state = MA_START; i = j = 0; for (;;) { + if (argc >= sizeof(argv) / sizeof(*argv)){ + error("Too many arguments."); + return NULL; + } if (isspace(arg[i])) { if (state == MA_UNQUOTED) { /* Terminate current argument */ -- cgit v1.2.3 From 191fcc6e4e6173a59720da043bc85618a4107fcf Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 5 Oct 2012 10:45:01 +1000 Subject: - dtucker@cvs.openbsd.org 2012/09/21 10:53:07 [sftp.c] Fix improper handling of absolute paths when PWD is part of the completed path. Patch from Jean-Marc Robert via tech@, ok djm. --- ChangeLog | 4 ++++ sftp.c | 9 ++++++--- 2 files changed, 10 insertions(+), 3 deletions(-) (limited to 'sftp.c') diff --git a/ChangeLog b/ChangeLog index 6341bd564..9d3a7f581 100644 --- a/ChangeLog +++ b/ChangeLog @@ -10,6 +10,10 @@ [sftp.c] Add bounds check on sftp tab-completion. Part of a patch from from Jean-Marc Robert via tech@, ok djm + - dtucker@cvs.openbsd.org 2012/09/21 10:53:07 + [sftp.c] + Fix improper handling of absolute paths when PWD is part of the completed + path. Patch from Jean-Marc Robert via tech@, ok djm. 20120917 - (dtucker) OpenBSD CVS Sync diff --git a/sftp.c b/sftp.c index 3c7bc64e1..9ab4e9f16 100644 --- a/sftp.c +++ b/sftp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp.c,v 1.138 2012/09/18 10:36:12 dtucker Exp $ */ +/* $OpenBSD: sftp.c,v 1.139 2012/09/21 10:53:07 dtucker Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * @@ -1699,7 +1699,7 @@ complete_match(EditLine *el, struct sftp_conn *conn, char *remote_path, { glob_t g; char *tmp, *tmp2, ins[3]; - u_int i, hadglob, pwdlen, len, tmplen, filelen; + u_int i, hadglob, pwdlen, len, tmplen, filelen, isabs; const LineInfo *lf; /* Glob from "file" location */ @@ -1708,6 +1708,9 @@ complete_match(EditLine *el, struct sftp_conn *conn, char *remote_path, else xasprintf(&tmp, "%s*", file); + /* Check if the path is absolute. */ + isabs = tmp[0] == '/'; + memset(&g, 0, sizeof(g)); if (remote != LOCAL) { tmp = make_absolute(tmp, remote_path); @@ -1742,7 +1745,7 @@ complete_match(EditLine *el, struct sftp_conn *conn, char *remote_path, goto out; tmp2 = complete_ambiguous(file, g.gl_pathv, g.gl_matchc); - tmp = path_strip(tmp2, remote_path); + tmp = path_strip(tmp2, isabs ? NULL : remote_path); xfree(tmp2); if (tmp == NULL) -- cgit v1.2.3 From 17146d369cd5f2c0088e4e299974ea3f87f37d4a Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 5 Oct 2012 10:46:16 +1000 Subject: - dtucker@cvs.openbsd.org 2012/09/21 10:55:04 [sftp.c] Fix handling of filenames containing escaped globbing characters and escape "#" and "*". Patch from Jean-Marc Robert via tech@, ok djm. --- ChangeLog | 4 ++++ sftp.c | 20 ++++++++++++++++---- 2 files changed, 20 insertions(+), 4 deletions(-) (limited to 'sftp.c') diff --git a/ChangeLog b/ChangeLog index 9d3a7f581..6f5072f15 100644 --- a/ChangeLog +++ b/ChangeLog @@ -14,6 +14,10 @@ [sftp.c] Fix improper handling of absolute paths when PWD is part of the completed path. Patch from Jean-Marc Robert via tech@, ok djm. + - dtucker@cvs.openbsd.org 2012/09/21 10:55:04 + [sftp.c] + Fix handling of filenames containing escaped globbing characters and + escape "#" and "*". Patch from Jean-Marc Robert via tech@, ok djm. 20120917 - (dtucker) OpenBSD CVS Sync diff --git a/sftp.c b/sftp.c index 9ab4e9f16..7b91e0013 100644 --- a/sftp.c +++ b/sftp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp.c,v 1.139 2012/09/21 10:53:07 dtucker Exp $ */ +/* $OpenBSD: sftp.c,v 1.140 2012/09/21 10:55:04 dtucker Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * @@ -1699,7 +1699,7 @@ complete_match(EditLine *el, struct sftp_conn *conn, char *remote_path, { glob_t g; char *tmp, *tmp2, ins[3]; - u_int i, hadglob, pwdlen, len, tmplen, filelen, isabs; + u_int i, hadglob, pwdlen, len, tmplen, filelen, cesc, isesc, isabs; const LineInfo *lf; /* Glob from "file" location */ @@ -1754,8 +1754,18 @@ complete_match(EditLine *el, struct sftp_conn *conn, char *remote_path, tmplen = strlen(tmp); filelen = strlen(file); - if (tmplen > filelen) { - tmp2 = tmp + filelen; + /* Count the number of escaped characters in the input string. */ + cesc = isesc = 0; + for (i = 0; i < filelen; i++) { + if (!isesc && file[i] == '\\' && i + 1 < filelen){ + isesc = 1; + cesc++; + } else + isesc = 0; + } + + if (tmplen > (filelen - cesc)) { + tmp2 = tmp + filelen - cesc; len = strlen(tmp2); /* quote argument on way out */ for (i = 0; i < len; i++) { @@ -1769,6 +1779,8 @@ complete_match(EditLine *el, struct sftp_conn *conn, char *remote_path, case '\t': case '[': case ' ': + case '#': + case '*': if (quote == '\0' || tmp2[i] == quote) { if (el_insertstr(el, ins) == -1) fatal("el_insertstr " -- cgit v1.2.3 From 07daed505f1cd6a0beff4d060b588debcc1ca8c8 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 31 Oct 2012 08:57:55 +1100 Subject: - (djm) OpenBSD CVS Sync - markus@cvs.openbsd.org 2012/10/05 12:34:39 [sftp.c] fix signed vs unsigned warning; feedback & ok: djm@ --- ChangeLog | 6 ++++++ sftp.c | 4 ++-- 2 files changed, 8 insertions(+), 2 deletions(-) (limited to 'sftp.c') diff --git a/ChangeLog b/ChangeLog index 5df4094c1..3cd16e480 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +20121030 + - (djm) OpenBSD CVS Sync + - markus@cvs.openbsd.org 2012/10/05 12:34:39 + [sftp.c] + fix signed vs unsigned warning; feedback & ok: djm@ + 20121019 - (tim) [buildpkg.sh.in] Double up on some backslashes so they end up in the generated file as intended. diff --git a/sftp.c b/sftp.c index 7b91e0013..6516d1f1c 100644 --- a/sftp.c +++ b/sftp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp.c,v 1.140 2012/09/21 10:55:04 dtucker Exp $ */ +/* $OpenBSD: sftp.c,v 1.141 2012/10/05 12:34:39 markus Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * @@ -991,7 +991,7 @@ makeargv(const char *arg, int *argcp, int sloppy, char *lastquote, state = MA_START; i = j = 0; for (;;) { - if (argc >= sizeof(argv) / sizeof(*argv)){ + if ((size_t)argc >= sizeof(argv) / sizeof(*argv)){ error("Too many arguments."); return NULL; } -- cgit v1.2.3 From d6d9fa0281e4856c40d5f03ebe4a5cb6a98337e3 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 12 Feb 2013 11:02:46 +1100 Subject: - djm@cvs.openbsd.org 2013/02/08 00:41:12 [sftp.c] fix NULL deref when built without libedit and control characters entered as command; debugging and patch from Iain Morgan an Loganaden Velvindron in bz#1956 --- ChangeLog | 5 +++++ sftp.c | 4 ++-- 2 files changed, 7 insertions(+), 2 deletions(-) (limited to 'sftp.c') diff --git a/ChangeLog b/ChangeLog index c1d428709..4084052d4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -31,6 +31,11 @@ - dtucker@cvs.openbsd.org 2013/02/06 00:22:21 [auth.c] Fix comment, from jfree.e1 at gmail + - djm@cvs.openbsd.org 2013/02/08 00:41:12 + [sftp.c] + fix NULL deref when built without libedit and control characters + entered as command; debugging and patch from Iain Morgan an + Loganaden Velvindron in bz#1956 20130211 - (djm) [configure.ac openbsd-compat/openssl-compat.h] Repair build on old diff --git a/sftp.c b/sftp.c index 6516d1f1c..9a53b12b7 100644 --- a/sftp.c +++ b/sftp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp.c,v 1.141 2012/10/05 12:34:39 markus Exp $ */ +/* $OpenBSD: sftp.c,v 1.142 2013/02/08 00:41:12 djm Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * @@ -1145,7 +1145,7 @@ parse_args(const char **cpp, int *pflag, int *rflag, int *lflag, int *iflag, /* Figure out which command we have */ for (i = 0; cmds[i].c != NULL; i++) { - if (strcasecmp(cmds[i].c, argv[0]) == 0) + if (argv[0] != NULL && strcasecmp(cmds[i].c, argv[0]) == 0) break; } cmdnum = cmds[i].n; -- cgit v1.2.3 From b87f6b70f894952b74443c8ef1b86323e7c9f465 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 23 Feb 2013 09:12:23 +1100 Subject: - (djm) [configure.ac includes.h loginrec.c mux.c sftp.c] Prefer bsd/libutil.h to libutil.h to avoid deprecation warnings on Ubuntu. ok tim --- ChangeLog | 5 +++++ configure.ac | 6 +++--- includes.h | 6 ++++-- loginrec.c | 4 ---- mux.c | 4 ---- sftp.c | 4 ---- 6 files changed, 12 insertions(+), 17 deletions(-) (limited to 'sftp.c') diff --git a/ChangeLog b/ChangeLog index c8f85fd8b..4ec2282de 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +20120223 + - (djm) [configure.ac includes.h loginrec.c mux.c sftp.c] Prefer + bsd/libutil.h to libutil.h to avoid deprecation warnings on Ubuntu. + ok tim + 20120222 - (dtucker) [Makefile.in configure.ac] bz#2072: don't link krb5 libs to ssh(1) since they're not needed. Patch from Pierre Ossman, ok djm. diff --git a/configure.ac b/configure.ac index e526390f7..3ea3f8a35 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.508 2013/02/22 00:37:00 djm Exp $ +# $Id: configure.ac,v 1.509 2013/02/22 22:12:24 djm Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) -AC_REVISION($Revision: 1.508 $) +AC_REVISION($Revision: 1.509 $) AC_CONFIG_SRCDIR([ssh.c]) AC_LANG([C]) @@ -1163,7 +1163,7 @@ AC_CHECK_FUNCS([utimes], ) dnl Checks for libutil functions -AC_CHECK_HEADERS([libutil.h]) +AC_CHECK_HEADERS([bsd/libutil.h libutil.h]) AC_SEARCH_LIBS([fmt_scaled], [util bsd]) AC_SEARCH_LIBS([login], [util bsd]) AC_SEARCH_LIBS([logout], [util bsd]) diff --git a/includes.h b/includes.h index b4c53d9b4..3e206c899 100644 --- a/includes.h +++ b/includes.h @@ -137,8 +137,10 @@ # include #endif -#ifdef HAVE_LIBUTIL_H -# include /* Openpty on FreeBSD at least */ +#if defined(HAVE_BSD_LIBUTIL_H) +# include +#elif defined(HAVE_LIBUTIL_H) +# include #endif #if defined(KRB5) && defined(USE_AFS) diff --git a/loginrec.c b/loginrec.c index 32941c985..f9662fa5c 100644 --- a/loginrec.c +++ b/loginrec.c @@ -180,10 +180,6 @@ # include #endif -#ifdef HAVE_LIBUTIL_H -# include -#endif - /** ** prototypes for helper functions in this file **/ diff --git a/mux.c b/mux.c index 1b24660b2..1ae0e0915 100644 --- a/mux.c +++ b/mux.c @@ -63,10 +63,6 @@ # include #endif -#ifdef HAVE_LIBUTIL_H -# include -#endif - #include "openbsd-compat/sys-queue.h" #include "xmalloc.h" #include "log.h" diff --git a/sftp.c b/sftp.c index 9a53b12b7..342ae7efc 100644 --- a/sftp.c +++ b/sftp.c @@ -54,10 +54,6 @@ typedef void EditLine; # include #endif -#ifdef HAVE_LIBUTIL_H -# include -#endif - #include "xmalloc.h" #include "log.h" #include "pathnames.h" -- cgit v1.2.3