Bug 690 - sftp quoted filename parsing bug in get and put commands
Summary: sftp quoted filename parsing bug in get and put commands
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: sftp (show other bugs)
Version: -current
Hardware: All All
: P2 normal
Assignee: OpenSSH Bugzilla mailing list
URL:
Keywords: openbsd, patch
Depends on:
Blocks:
 
Reported: 2003-09-19 23:57 AEST by Andrew Mortensen
Modified: 2004-04-14 12:24 AEST (History)
0 users

See Also:


Attachments
Patch fixing increment bug in get_pathname function of sftp-int.c (288 bytes, patch)
2003-09-20 00:03 AEST, Andrew Mortensen
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Andrew Mortensen 2003-09-19 23:57:25 AEST
When doing a get or put of a quoted filename, sftp misinterprets the location of the terminating 
quote. In sftp-int.c, when the terminating quote is located, the path is NUL terminated, but the 
location counter is not updated, causing the source filename's end quote to be interpreted as the 
opening quote of a destination filename. This causes 'get "filename"' to fail with an Unterminated 
quote error, and causes 'get "src-filename" "dest-filename"' to write src-filename to a file named " 
" rather than dest-filename. Unquoted transfer commands--e.g., get src-filename dest-filename--
are not affected.
Comment 1 Andrew Mortensen 2003-09-20 00:03:48 AEST
Created attachment 437 [details]
Patch fixing increment bug in get_pathname function of sftp-int.c
Comment 2 Andrew Mortensen 2003-09-24 01:43:41 AEST
Fixed in OpenSSH 3.7.1p2.
Comment 3 Damien Miller 2004-04-14 12:24:19 AEST
Mass change of RESOLVED bugs to CLOSED