Hi I found this issue in scp in the following blog link http://oldpapyrus.wordpress.com/2012/08/08/scp-a-funny-error/ when the wrong local file name is specified in local to remote transfer mode, scp first tries to establish the connection rather than to check first whether the file is proper or not. However I could not find a reported bug for this. I am attaching the fix as patch for this issue. Thanks Kapil http://jainkkapil.wordpress.com -------------- next part -------------- ? patch.txt Index: scp.c ==================================================================RCS file: /cvs/openssh/scp.c,v retrieving revision 1.189 diff -u -r1.189 scp.c --- scp.c 22 Sep 2011 11:38:01 -0000 1.189 +++ scp.c 19 Aug 2012 12:00:35 -0000 @@ -364,6 +364,7 @@ void tolocal(int, char *[]); void toremote(char *, int, char *[]); void usage(void); +void verifypath(char *); int main(int argc, char **argv) @@ -551,6 +552,18 @@ } void +verifypath(char *file) +{ + if (access(file, F_OK) == -1) + { + errno = ENOENT; + run_err("%s: %s",file,strerror(errno)); + killchild(0); + } +} + + +void toremote(char *targ, int argc, char **argv) { char *bp, *host, *src, *suser, *thost, *tuser, *arg; @@ -656,6 +669,7 @@ if (remin == -1) { xasprintf(&bp, "%s -t %s%s", cmd, *targ == '-' ? "-- " : "", targ); + verifypath(argv[i]);/*added to check for the local existence of file before trying to do anything*/ host = cleanhostname(thost); if (do_cmd(host, tuser, bp, &remin, &remout) < 0)
Hi, I reviewed my previous patch which causes scp to exit if the file does not exist rather than continuing the transfer if there are multiple input files. Here is another patch which differs from previous one in functionality that even if one file does not exist, continue with other input files and if valid, continue to upload them rather then exiting the scp program if an invalid file is found. -- Thanks Kapil K. Jain http://jainkkapil.wordpress.com -------------- next part -------------- ? patch.txt Index: scp.c ==================================================================RCS file: /cvs/openssh/scp.c,v retrieving revision 1.189 diff -u -r1.189 scp.c --- scp.c 22 Sep 2011 11:38:01 -0000 1.189 +++ scp.c 19 Aug 2012 16:43:00 -0000 @@ -653,6 +653,16 @@ if (do_local_cmd(&alist) != 0) errs = 1; } else { /* local to remote */ + /* Before trying to establish connection, + * check whether file exists or not. + * If not then continue with next file + */ + if( access(argv[i],F_OK) == -1 ){ + errno = ENOENT; + run_err("%s: %s",argv[i],strerror(errno)); + continue; + } + if (remin == -1) { xasprintf(&bp, "%s -t %s%s", cmd, *targ == '-' ? "-- " : "", targ);
On 19 August 2012 12:48, kapil jain <jainkkapil at gmail.com> wrote:> Hi, > > I reviewed my previous patch which causes scp to exit if the file does not > exist rather than continuing the transfer if there are multiple input files. > Here is another patch which differs from previous one in functionality that > even if one file does not exist, continue with other input files and if > valid, continue to upload them rather then exiting the scp program if an > invalid file is found.just a note: this suffers from a TOCTOU bug, though it is basically harmless (it reverts to the current behavior). -- Eitan Adler
On Mon, Aug 20, 2012 at 5:19 AM, Eitan Adler <lists at eitanadler.com> wrote:> On 19 August 2012 12:48, kapil jain <jainkkapil at gmail.com> wrote: > > Hi, > > > > I reviewed my previous patch which causes scp to exit if the file does > not > > exist rather than continuing the transfer if there are multiple input > files. > > Here is another patch which differs from previous one in functionality > that > > even if one file does not exist, continue with other input files and if > > valid, continue to upload them rather then exiting the scp program if an > > invalid file is found. > > just a note: this suffers from a TOCTOU bug, though it is basically > harmless (it reverts to the current behavior). > > -- > Eitan Adler >I dont think so as this is being serial execution and no process is forked before that. -- Thanks Kapil K. Jain http://jainkkapil.wordpress.com