Bugzilla – Attachment 1054 Details for
Bug 1094
Local to local copy (and also remote to remote) uses shell expansion twice
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Same patch as #1053 for OpenSSH 4.2p1
openssh-scp-metachar-portable.patch (text/plain), 8.67 KB, created by
Darren Tucker
on 2006-01-26 12:02:42 AEDT
(
hide
)
Description:
Same patch as #1053 for OpenSSH 4.2p1
Filename:
MIME Type:
Creator:
Darren Tucker
Created:
2006-01-26 12:02:42 AEDT
Size:
8.67 KB
patch
obsolete
>Index: misc.c >=================================================================== >RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/misc.c,v >retrieving revision 1.49 >diff -u -p -r1.49 misc.c >--- misc.c 14 Jul 2005 07:05:02 -0000 1.49 >+++ misc.c 26 Jan 2006 00:55:54 -0000 >@@ -358,10 +358,13 @@ addargs(arglist *args, char *fmt, ...) > va_list ap; > char buf[1024]; > u_int nalloc; >+ int r; > > va_start(ap, fmt); >- vsnprintf(buf, sizeof(buf), fmt, ap); >+ r = vsnprintf(buf, sizeof(buf), fmt, ap); > va_end(ap); >+ if (r == -1 || r >= (int)sizeof(buf)) >+ fatal("addargs: argument too long"); > > nalloc = args->nalloc; > if (args->list == NULL) { >@@ -376,6 +379,40 @@ addargs(arglist *args, char *fmt, ...) > args->list[args->num] = NULL; > } > >+void >+replacearg(arglist *args, u_int which, char *fmt, ...) >+{ >+ va_list ap; >+ char buf[1024]; >+ int r; >+ >+ va_start(ap, fmt); >+ r = vsnprintf(buf, sizeof(buf), fmt, ap); >+ va_end(ap); >+ if (r == -1 || r > (int)sizeof(buf)) >+ fatal("replacearg: argument too long"); >+ >+ if (which >= args->num) >+ fatal("replacearg: tried to replace invalid arg %d >= %d", >+ which, args->num); >+ xfree(args->list[which]); >+ args->list[which] = xstrdup(buf); >+} >+ >+void >+freeargs(arglist *args) >+{ >+ u_int i; >+ >+ if (args->list != NULL) { >+ for (i = 0; i < args->num; i++) >+ xfree(args->list[i]); >+ xfree(args->list); >+ args->nalloc = args->num = 0; >+ args->list = NULL; >+ } >+} >+ > /* > * Expands tildes in the file name. Returns data allocated by xmalloc. > * Warning: this calls getpw*. >Index: misc.h >=================================================================== >RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/misc.h,v >retrieving revision 1.28 >diff -u -p -r1.28 misc.h >--- misc.h 14 Jul 2005 07:07:21 -0000 1.28 >+++ misc.h 26 Jan 2006 00:55:54 -0000 >@@ -36,7 +36,11 @@ struct arglist { > u_int num; > u_int nalloc; > }; >-void addargs(arglist *, char *, ...) __attribute__((format(printf, 2, 3))); >+void addargs(arglist *, char *, ...) >+ __attribute__((format(printf, 2, 3))); >+void replacearg(arglist *, u_int, char *, ...) >+ __attribute__((format(printf, 3, 4))); >+void freeargs(arglist *); > > /* readpass.c */ > >Index: scp.c >=================================================================== >RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/scp.c,v >retrieving revision 1.138 >diff -u -p -r1.138 scp.c >--- scp.c 2 Aug 2005 07:07:08 -0000 1.138 >+++ scp.c 26 Jan 2006 00:55:54 -0000 >@@ -118,6 +118,48 @@ killchild(int signo) > exit(1); > } > >+static int >+do_local_cmd(arglist *a) >+{ >+ u_int i; >+ int status; >+ pid_t pid; >+ >+ if (a->num == 0) >+ fatal("do_local_cmd: no arguments"); >+ >+ if (verbose_mode) { >+ fprintf(stderr, "Executing:"); >+ for (i = 0; i < a->num; i++) >+ fprintf(stderr, " %s", a->list[i]); >+ fprintf(stderr, "\n"); >+ } >+ if ((pid = fork()) == -1) >+ fatal("do_local_cmd: fork: %s", strerror(errno)); >+ >+ if (pid == 0) { >+ execvp(a->list[0], a->list); >+ perror(a->list[0]); >+ exit(1); >+ } >+ >+ do_cmd_pid = pid; >+ signal(SIGTERM, killchild); >+ signal(SIGINT, killchild); >+ signal(SIGHUP, killchild); >+ >+ while (waitpid(pid, &status, 0) == -1) >+ if (errno != EINTR) >+ fatal("do_local_cmd: waitpid: %s", strerror(errno)); >+ >+ do_cmd_pid = -1; >+ >+ if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) >+ return (-1); >+ >+ return (0); >+} >+ > /* > * This function executes the given command as the specified user on the > * given host. This returns < 0 if execution fails, and >= 0 otherwise. This >@@ -162,7 +204,7 @@ do_cmd(char *host, char *remuser, char * > close(pin[0]); > close(pout[1]); > >- args.list[0] = ssh_program; >+ replacearg(&args, 0, "%s", ssh_program); > if (remuser != NULL) > addargs(&args, "-l%s", remuser); > addargs(&args, "%s", host); >@@ -224,8 +266,9 @@ main(int argc, char **argv) > > __progname = ssh_get_progname(argv[0]); > >+ memset(&args, '\0', sizeof(args)); > args.list = NULL; >- addargs(&args, "ssh"); /* overwritten with ssh_program */ >+ addargs(&args, "%s", ssh_program); > addargs(&args, "-x"); > addargs(&args, "-oForwardAgent no"); > addargs(&args, "-oClearAllForwardings yes"); >@@ -364,6 +407,10 @@ toremote(char *targ, int argc, char **ar > { > int i, len; > char *bp, *host, *src, *suser, *thost, *tuser, *arg; >+ arglist alist; >+ >+ memset(&alist, '\0', sizeof(alist)); >+ alist.list = NULL; > > *targ++ = 0; > if (*targ == 0) >@@ -381,20 +428,27 @@ toremote(char *targ, int argc, char **ar > tuser = NULL; > } > >+ if (tuser != NULL && !okname(tuser)) { >+ xfree(arg); >+ return; >+ } >+ > for (i = 0; i < argc - 1; i++) { > src = colon(argv[i]); > if (src) { /* remote to remote */ >- static char *ssh_options = >- "-x -o'ClearAllForwardings yes'"; >+ freeargs(&alist); >+ addargs(&alist, "%s", ssh_program); >+ if (verbose_mode) >+ addargs(&alist, "-v"); >+ addargs(&alist, "-x"); >+ addargs(&alist, "-oClearAllForwardings yes"); >+ addargs(&alist, "-n"); >+ > *src++ = 0; > if (*src == 0) > src = "."; > host = strrchr(argv[i], '@'); >- len = strlen(ssh_program) + strlen(argv[i]) + >- strlen(src) + (tuser ? strlen(tuser) : 0) + >- strlen(thost) + strlen(targ) + >- strlen(ssh_options) + CMDNEEDS + 20; >- bp = xmalloc(len); >+ > if (host) { > *host++ = 0; > host = cleanhostname(host); >@@ -405,30 +459,18 @@ toremote(char *targ, int argc, char **ar > xfree(bp); > continue; > } >- if (tuser && !okname(tuser)) { >- xfree(bp); >- continue; >- } >- snprintf(bp, len, >- "%s%s %s -n " >- "-l %s %s %s %s '%s%s%s:%s'", >- ssh_program, verbose_mode ? " -v" : "", >- ssh_options, suser, host, cmd, src, >- tuser ? tuser : "", tuser ? "@" : "", >- thost, targ); >+ addargs(&alist, "-l"); >+ addargs(&alist, "%s", suser); > } else { > host = cleanhostname(argv[i]); >- snprintf(bp, len, >- "exec %s%s %s -n %s " >- "%s %s '%s%s%s:%s'", >- ssh_program, verbose_mode ? " -v" : "", >- ssh_options, host, cmd, src, >- tuser ? tuser : "", tuser ? "@" : "", >- thost, targ); > } >- if (verbose_mode) >- fprintf(stderr, "Executing: %s\n", bp); >- if (system(bp) != 0) >+ addargs(&alist, "%s", host); >+ addargs(&alist, "%s", cmd); >+ addargs(&alist, "%s", src); >+ addargs(&alist, "%s%s%s:%s", >+ tuser ? tuser : "", tuser ? "@" : "", >+ thost, targ); >+ if (do_local_cmd(&alist) != 0) > errs = 1; > (void) xfree(bp); > } else { /* local to remote */ >@@ -454,20 +496,23 @@ tolocal(int argc, char **argv) > { > int i, len; > char *bp, *host, *src, *suser; >+ arglist alist; >+ >+ memset(&alist, '\0', sizeof(alist)); >+ alist.list = NULL; > > for (i = 0; i < argc - 1; i++) { > if (!(src = colon(argv[i]))) { /* Local to local. */ >- len = strlen(_PATH_CP) + strlen(argv[i]) + >- strlen(argv[argc - 1]) + 20; >- bp = xmalloc(len); >- (void) snprintf(bp, len, "exec %s%s%s %s %s", _PATH_CP, >- iamrecursive ? " -r" : "", pflag ? " -p" : "", >- argv[i], argv[argc - 1]); >- if (verbose_mode) >- fprintf(stderr, "Executing: %s\n", bp); >- if (system(bp)) >+ freeargs(&alist); >+ addargs(&alist, "%s", _PATH_CP); >+ if (iamrecursive) >+ addargs(&alist, "-r"); >+ if (pflag) >+ addargs(&alist, "-p"); >+ addargs(&alist, "%s", argv[i]); >+ addargs(&alist, "%s", argv[argc-1]); >+ if (do_local_cmd(&alist)) > ++errs; >- (void) xfree(bp); > continue; > } > *src++ = 0; >Index: sftp.c >=================================================================== >RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/sftp.c,v >retrieving revision 1.71 >diff -u -p -r1.71 sftp.c >--- sftp.c 22 Aug 2005 22:06:56 -0000 1.71 >+++ sftp.c 26 Jan 2006 00:56:25 -0000 >@@ -1448,8 +1448,13 @@ main(int argc, char **argv) > extern char *optarg; > > __progname = ssh_get_progname(argv[0]); >+ >+ /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ >+ sanitise_stdfd(); >+ >+ memset(&alist, '\0', sizeof(alist)); > args.list = NULL; >- addargs(&args, "ssh"); /* overwritten with ssh_program */ >+ addargs(&args, ssh_program); > addargs(&args, "-oForwardX11 no"); > addargs(&args, "-oForwardAgent no"); > addargs(&args, "-oClearAllForwardings yes"); >@@ -1483,6 +1488,7 @@ main(int argc, char **argv) > break; > case 'S': > ssh_program = optarg; >+ replacearg(&args, 0, "%s", ssh_program); > break; > case 'b': > if (batchmode) >@@ -1559,7 +1565,6 @@ main(int argc, char **argv) > addargs(&args, "%s", host); > addargs(&args, "%s", (sftp_server != NULL ? > sftp_server : "sftp")); >- args.list[0] = ssh_program; > > if (!batchmode) > fprintf(stderr, "Connecting to %s...\n", host); >@@ -1572,6 +1577,7 @@ main(int argc, char **argv) > fprintf(stderr, "Attaching to %s...\n", sftp_direct); > connect_to_server(sftp_direct, args.list, &in, &out); > } >+ freeargs(&args); > > err = interactive_loop(in, out, file1, file2); >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=1054">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 1094
:
971
|
1053
| 1054 |
1055
|
1056
|
1057
|
1058