I've experienced some troubles using scp with remote files with spaces,
amphersands or parantheses in their filenames on Linux hosts.
This happens:
stain at false:~$ scp "bender.linpro.no:blapp blapp" .
scp: blapp: No such file or directory
scp: blapp: No such file or directory
stain at false:~$ scp "bender.linpro.no:blapp&blapp" .
bash: blapp: command not found
This might be abused, like this:
stain at false:~$ scp "bender.linpro.no:blapp&cat /etc/passwd" .
root:x:0:0:root:/root:/bin/bash
You might object that the person could done this simply with
stain at false:~$ ssh bender.linpro.no cat /etc/passwd
and even received more than one line, but the problem here is that one
does not always have the same control over filenames as with commands.
Note: This bug does not seem to effect local-to-remote copying or
remote-to-local copying with shell filename expansion (*)
One might temporarily overcome the problem with doublescaping, ie,
stain at false:~$ scp "bender.linpro.no:blapp\ blapp" .
blapp blapp 100% |*****************************************| 0
--:-- ETA
Although the simplest is to patch the sourcecode:
(A patchfile for the CVS-version is included, but these fixes should
work for any 2.2.0-version (as the one in Debian woody) as far as I can
see)
in scp.c:
- strlen(thost) + strlen(targ) + CMDNEEDS + 32;
+ strlen(thost) + strlen(targ) + CMDNEEDS + 40;
- "%s%s -x -o'FallBackToRsh no' -n -l %s %s %s %s
'%s%s%s:%s'",
+ "%s%s -x -o'FallBackToRsh no' -n -l
\"%s\" \"%s\" \"%s\"\"%s\"
'%s%s%s:%s'",
- "exec %s%s -x -o'FallBackToRsh no' -n %s %s %s
'%s%s%s:%s'",
+ "exec %s%s -x -o'FallBackToRsh no' -n
\"%s\" \"%s\" \"%s\"
'%s%s%s:%s'",
- len = strlen(src) + CMDNEEDS + 20;
+ len = strlen(src) + CMDNEEDS + 22;
- (void) sprintf(bp, "%s -f %s", cmd, src);
+ (void) sprintf(bp, "%s -f \"%s\"", cmd,
src);
as the clever eye might see, all I do is to surround arguments to the
remote ssh with ""es and increases the memory allocation caused
by this.
Note: This even applies to other arguments, such as host and username,
although it rarely happens that one haves usernames or hostnames with &
or "".
IMPORTANT: This does not fix the problem with filenames with " in them.
(you probabbly need to tripple escape with something as ugly as
scp "blapp.machine.com:filename\\\"blapp" .
)
A search-replace routine on the src-string (" to \") would fix this,
but my C-knowledge is non-existing.
--
Stian S?iland - Trondheim, Norway - http://stain.portveien.to/
Uten forutg?ende varsel har utleier rett til ?
tilintetgj?re illeluktende gjenstander - enten
dette er mat eller andre ting. [Voll studentby]
-------------- next part --------------
--- scp.c Tue Dec 12 17:36:30 2000
+++ /home/stain/scp.c Tue Dec 12 17:36:17 2000
@@ -387,7 +387,7 @@
host = strchr(argv[i], '@');
len = strlen(ssh_program) + strlen(argv[i]) +
strlen(src) + (tuser ? strlen(tuser) : 0) +
- strlen(thost) + strlen(targ) + CMDNEEDS + 32;
+ strlen(thost) + strlen(targ) + CMDNEEDS + 40;
bp = xmalloc(len);
if (host) {
*host++ = 0;
@@ -398,7 +398,7 @@
else if (!okname(suser))
continue;
sprintf(bp,
- "%s%s -x -o'FallBackToRsh no' -n -l %s %s %s %s
'%s%s%s:%s'",
+ "%s%s -x -o'FallBackToRsh no' -n -l \"%s\"
\"%s\" \"%s\" \"%s\" '%s%s%s:%s'",
ssh_program, verbose_mode ? " -v" : "",
suser, host, cmd, src,
tuser ? tuser : "", tuser ? "@" : "",
@@ -406,7 +406,7 @@
} else {
host = cleanhostname(argv[i]);
sprintf(bp,
- "exec %s%s -x -o'FallBackToRsh no' -n %s %s %s
'%s%s%s:%s'",
+ "exec %s%s -x -o'FallBackToRsh no' -n \"%s\"
\"%s\" \"%s\" '%s%s%s:%s'",
ssh_program, verbose_mode ? " -v" : "",
host, cmd, src,
tuser ? tuser : "", tuser ? "@" : "",
@@ -472,9 +472,9 @@
continue;
}
host = cleanhostname(host);
- len = strlen(src) + CMDNEEDS + 20;
+ len = strlen(src) + CMDNEEDS + 22;
bp = xmalloc(len);
- (void) sprintf(bp, "%s -f %s", cmd, src);
+ (void) sprintf(bp, "%s -f \"%s\"", cmd, src);
if (do_cmd(host, suser, bp, &remin, &remout, argc) < 0) {
(void) xfree(bp);
++errs;