Bug 778

Summary:

sftp client globs entire path, directories enclosed in square brackets are unusable

Product:

Portable OpenSSH

Reporter:

Chad <vdr781>

Component:

sftp

Assignee:

Damien Miller <djm>

Status:

CLOSED FIXED

Severity:

minor

CC:

djm

Priority:

Keywords:

low-hanging-fruit, needs-release-note, patch

Version:

-current

Hardware:

ix86

OS:

Linux

Bug Depends on:

Bug Blocks:

1353

Attachments:

Description	Flags
Report error on read/write failures	none
Permit escaping of glob characters	none
Diff with support for unquoted, escaped whitespace	none
Rewrite sftp command parsing and glob handling	none
Tweaked diff with regress tests	none

Description Chad 2003-12-20 20:06:30 AEDT

sftp client uses glob() to glob the absolute path + relative path.  In the 
scenario where the current working directory is something like "/tmp/
[testdir]", and you try to retrieve a file "testfile.txt" from that directory 
doing a get "testfile.txt" or mget "testfile.txt" then sftp client prepends the 
cwd and the arguments to get and then passes them to a globbing routine.  
Making it difficult to retrieve files from a directory enclosed in square 
brackets.  sftp should probably not glob at all when using get/put, and only 
glob the arguments to mget/mput <not the current working directory>.

Comment 1 Damien Miller 2007-05-17 18:41:41 AEST

Created attachment 1284 [details]
Report error on read/write failures

I'm not sure how much logspam this patch will generate, so I'm going to run with it for a little while.

Comment 2 Damien Miller 2007-05-17 18:42:16 AEST

The content of attachment 1284 [details] has been deleted by
    Damien Miller <djm@mindrot.org>
who provided the following reason:

wrong bug

The token used to delete this attachment was generated at 2007-05-17 18:42:08.

Comment 3 Damien Miller 2007-05-18 17:37:21 AEST

Created attachment 1291 [details]
Permit escaping of glob characters

This patch allows escaping of glob characters, so you should be able to do:

put "file with \[square braces]"
put "file with asterisk\*"

and so forth.

Comment 4 Damien Miller 2007-05-20 22:18:10 AEST

Created attachment 1295 [details]
Diff with support for unquoted, escaped whitespace

This diff merges the previous diff with one from Ben Lindstrom to add support for escaping of whitespace in unquoted filenames. So this will support all of:

get "filename with \[glob metacharacters]"
get filename\ with\ spaces
get filename\ with\ spaces\ and\ \[glob metacharacters]

Comment 5 Damien Miller 2007-09-21 14:59:06 AEST

Created attachment 1357 [details]
Rewrite sftp command parsing and glob handling

I think this patch is correct: it rewrites sftp's command parsing code to split the string into an argv using sh(1)-like rules, and should handle glob sequences much more naturally.

Things like 'rm \*' and 'rm "*"' should work now (i.e. they are not equivalent to 'rm *'), as should more complicated sequences like 'put "[some files] - blah"*'

It does need some regress tests though.

Comment 6 Damien Miller 2007-09-21 18:11:14 AEST

Created attachment 1358 [details]
Tweaked diff with regress tests

The previous diff had a small bug related to glob's handling of backslash characters. This version also adds some regression tests.

Comment 7 Damien Miller 2007-09-21 18:11:47 AEST

Put this on the radar for 4.8

Comment 8 Damien Miller 2007-10-24 13:48:06 AEST

patch is applied - will be in openssh-4.8

This will need a release note, as scripts that depended on the previous broken behaviour may need to change.

Comment 9 Damien Miller 2008-03-31 15:19:54 AEDT

Fix shipped in 4.9/4.9p1 release.