| Summary: | Option parser does not permit a double-quote character to occur in option values | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Portable OpenSSH | Reporter: | M. J. Fromberger <michael.j.fromberger> | ||||
| Component: | ssh | Assignee: | Assigned to nobody <unassigned-bugs> | ||||
| Status: | CLOSED FIXED | ||||||
| Severity: | normal | CC: | djm, dtucker | ||||
| Priority: | P2 | Keywords: | low-hanging-fruit | ||||
| Version: | 5.2p1 | ||||||
| Hardware: | All | ||||||
| OS: | All | ||||||
| Bug Depends on: | |||||||
| Bug Blocks: | 3302 | ||||||
| Attachments: |
|
||||||
I think the correct approach for this would be to adapt sftp.c:makeargv() for use in servconf.c/readconf.c. These would need to abandon strdelim() and pass around an argc/argv and a current arg offset. This would have the added benefit of making argument parsing behave in a much more shell-like manner in the client and server configs. We are freezing for the OpenSSH 5.6 release. Retargetting these bugs to the next release. Targetting OpenSSH 5.7 Retarget unclosed bugs from 5.7=>5.8 Retarget unresolved bugs/features to 6.0 release Retarget unresolved bugs/features to 6.0 release Retarget unresolved bugs/features to 6.0 release (try again - bugzilla's "change several" isn't) Retarget from 6.0 to 6.1 Retarget 6.0 => 6.1 Retarget uncompleted bugs from 6.1 => 6.2 Retarget bugs from 6.1 => 6.2 retarget to openssh-6.3 Retarget to openssh-6.4 Retarget 6.3 -> 6.4 Retarget incomplete bugs / feature requests to 6.6 release Retarget incomplete bugs / feature requests to 6.6 release Retarget to 6.7 release, since 6.6 was mostly bugfixing. Remove from 6.6 tracking bug Retarget incomplete bugs to 6.8 release. These bugs are no longer targeted at the imminent 6.7 release OpenSSH 6.8 is approaching release and closed for major work. Retarget these bugs for the next release. Retarget to 6.9 auth2-pubkey.c's split_argv() would be better choice than sftp.c:makeargv(), as the latter has a bunch of goop to deal with glob characters that isn't relevant to argument parsing. Another option is a more drastic replacement of the config language, which has been discussed a little. Retarget pending bugs to openssh-7.1 Retarget to openssh-7.3 Retarget to openssh-7.3 retarget unfinished bugs to next release retarget unfinished bugs to next release retarget unfinished bugs to next release retarget unfinished bugs to next release OpenSSH 7.4 release is closing; punt the bugs to 7.5 Move incomplete bugs to openssh-7.6 target since 7.5 shipped a while back. To calibrate expectations, there's little chance all of these are going to make 7.6. remove 7.5 target Created attachment 3038 [details]
teach strdelim a set of escapes
This teaches misc.c:strdelim() a few escape sequences that can be used in quoted strings. The sequences aren't accepted elsewhere.
I'm unsure of whether this will break any existing configurations, but I can't think of many cases where '\' could appear in existing strings.
(In reply to Damien Miller from comment #34) [...] > I'm unsure of whether this will break any existing configurations, > but I can't think of many cases where '\' could appear in existing > strings. I can think of one example: Windows domain\user notation, although I don't know if that would show up here. This has been committed and will be in OpenSSH 7.7 commit 713d9cb510e0e7759398716cbe6dcf43e574be71 (HEAD -> master) Author: djm@openbsd.org <djm@openbsd.org> Date: Fri Mar 2 03:02:11 2018 +0000 upstream: Allow escaped quotes \" and \' in ssh_config and sshd_config quotes option strings. bz#1596 ok markus@ OpenBSD-Commit-ID: dd3a29fc2dc905e8780198e5a6a30b096de1a1cb This attempt to implement escaped quotes caused regressions in existing configurations. I'll try again after the 7.7 release. Move to OpenSSH 7.8 tracking bug Retarget remaining bugs planned for 7.8 release to 7.9 Retarget remaining bugs planned for 7.8 release to 7.9 Retarget unfinished bugs to OpenSSH 8.0 Retarget unfinished bugs to OpenSSH 8.0 Retarget unfinished bugs to OpenSSH 8.0 Retarget outstanding bugs at next release Retarget these bugs to 8.2 release Prepare for 8.2 release; retarget bugs Retarget bugs to 8.4 release retarget to 8.6 retarget after 8.6p1 release sshd_config got a new string tokeniser in commit a10f929d and ssh_config got the same treatment in commit ea9e45c89 Both support quoted strings, quoted space and quoted quotes in strings. closing bugs resolved before the openssh-8.9 release |
There is no apparent way to give the ssh command line tool an option value, either on the command line or in the ssh_config file, which includes a double-quote (") character (ASCII 34). Neither doubling the quotation mark nor escaping it with a backslash seem to work. The manual pages do not describe any other escape syntax. Either an escape mechanism should be added, or (if one already exists) the documentation should be updated to describe it clearly. Background: On some systems (in my particular case, it's MacOS 10.5), it is possible for a user's login name to contain a double-quotation mark character. There does not seem to be any way to provide a username of this kind to the command line tool, either via the configuration file or using the command-line "-o User=xxx" syntax. If no escape mechanism exists for this case, I would recommend using doubling to denote internal quotes. This avoids the need to also quote a separate escape character, and should not disturb existing configuration files.