Bug 690

Summary: sftp quoted filename parsing bug in get and put commands
Product: Portable OpenSSH Reporter: Andrew Mortensen <admorten>
Component: sftpAssignee: OpenSSH Bugzilla mailing list <openssh-bugs>
Status: CLOSED FIXED    
Severity: normal Keywords: openbsd, patch
Priority: P2    
Version: -current   
Hardware: All   
OS: All   
Attachments:
Description Flags
Patch fixing increment bug in get_pathname function of sftp-int.c none

Description Andrew Mortensen 2003-09-19 23:57:25 AEST 
When doing a get or put of a quoted filename, sftp misinterprets the location of the terminating 
quote. In sftp-int.c, when the terminating quote is located, the path is NUL terminated, but the 
location counter is not updated, causing the source filename's end quote to be interpreted as the 
opening quote of a destination filename. This causes 'get "filename"' to fail with an Unterminated 
quote error, and causes 'get "src-filename" "dest-filename"' to write src-filename to a file named " 
" rather than dest-filename. Unquoted transfer commands--e.g., get src-filename dest-filename--
are not affected.
Comment 1 Andrew Mortensen 2003-09-20 00:03:48 AEST 
Created attachment 437 [details]
Patch fixing increment bug in get_pathname function of sftp-int.c
Comment 2 Andrew Mortensen 2003-09-24 01:43:41 AEST 
Fixed in OpenSSH 3.7.1p2.
Comment 3 Damien Miller 2004-04-14 12:24:19 AEST 
Mass change of RESOLVED bugs to CLOSED