openssh unix dev - Mar 2003 - [Bug 517] bad "put" arg parsing

http://bugzilla.mindrot.org/show_bug.cgi?id=517

           Summary: bad "put" arg parsing
           Product: Portable OpenSSH
           Version: -current
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: sftp
        AssignedTo: openssh-unix-dev at mindrot.org
        ReportedBy: djm at mindrot.org

http://bugzilla.mindrot.org/show_bug.cgi?id=517





------- Additional Comments From jason at devrandom.org  2003-03-25 12:46
-------
Created an attachment (id=257)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=257&action=view)
Patch to fix problems fetching filenames with quotes in sftp




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=517





------- Additional Comments From jason at devrandom.org  2003-03-25 12:55
-------
The above patch replaces strchr with strrchr so that the get_pathname will look
for the last ' or " for the filepath and not the first " or '
it comes to.

Test/Proof:

(Current SFTP)

sftp> dir
silly""file''2
this"is' asillyname
sftp> get "silly\"\"file\'\'2"
Couldn't stat remote file: No such file or directory
File "/home/jason/silly\" not found.
sftp> get "thCouldn't stat remote file: No such file or directory
File "/home/jason/this\" not found.
is\"is\' asillyname"


(Patched SFTP)

sftp> dir
silly""file''2
sftp> get "silly\"\"file\'\'2"
silly""file''2                                100%    3    
0.4KB/s   00:00
Fetching /home/jason/this"is' asillyname to this"is'
asillyname
sftp> exit

Only thing is that the filename seems to mess up the progress meter.  This
changed didn't seem to break any fetches and solves every " or '
problem I could
throw at it.




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=517





------- Additional Comments From jason at devrandom.org  2003-03-25 13:02
-------
Created an attachment (id=258)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=258&action=view)
Test case showing results of patched sftp

This is the results of sftp operations before and after the sftp patch.  The
originals I put into the comment came out all funny.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=517





------- Additional Comments From mouring at eviladmin.org  2003-03-25 13:52
-------
As we are currently discussion on irc this fails to work for get "foo"
"bar"
case.  I think the strchr() is correct, just needs to be wrapped into a loop 
until you find (*end) != '\\'.

- Ben



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=517





------- Additional Comments From djm at mindrot.org  2003-03-25 14:02 -------
hm, maybe I should rewrite the line parser using lex/yacc



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=517





------- Additional Comments From jason at devrandom.org  2003-03-25 14:46
-------
Or maybe I shouldn't make silly assumptions or have brain farts as to the
syntax
of get and put.  Ben's got a better fix.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=517

jason at devrandom.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #257 is|0                           |1
           obsolete|                            |





------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=517

jason at devrandom.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #258 is|0                           |1
           obsolete|                            |





------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=517





------- Additional Comments From mouring at eviladmin.org  2003-03-25 14:51
-------
Created an attachment (id=259)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=259&action=view)
More correct version

I believe that this is more what we want.  I've only lightly tested it, but
it support get "foo\"bar"  "dog"  correctly.  The logic
is just to loop through
and skip the char quot; if the character before it is a \.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=517





------- Additional Comments From djast at cs.toronto.edu  2003-03-26 05:04
-------
This fails to handle cases like "foo\\" where the quote is preceded by
a
backslash but should not be escaped.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=517

jason at devrandom.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #259 is|0                           |1
           obsolete|                            |





------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=517





------- Additional Comments From jason at devrandom.org  2003-03-26 13:50
-------
Created an attachment (id=260)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=260&action=view)
Patch to fix escapes of escapes

I think this *might* be the winner (?).  It seems to pass all the following
filename tests:

test test
test"\ "\
test"one
test\
test\"2
test\\\"""'
test\\\\

Can anyone come up with another test?



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=517

jason at devrandom.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #260 is|0                           |1
           obsolete|                            |



------- Additional Comments From jason at devrandom.org  2003-03-26 13:54
-------
Created an attachment (id=261)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=261&action=view)
Patch to fix escaping of quotes

Ummm.. a little tired here and uploaded the wrong .patch file.	This is the
correct one that passes all of the following tests:

test test
test"\ "\
test"one
test\
test\"2
test\\\"""'
test\\\\




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=517

jason at devrandom.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #261 is|0                           |1
           obsolete|                            |



------- Additional Comments From jason at devrandom.org  2003-03-28 11:28
-------
(From update of attachment 261)
No valid in several cases.




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=517





------- Additional Comments From jason at devrandom.org  2003-03-30 05:13
-------
Created an attachment (id=264)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=264&action=view)
Parsing filenames surrounded in quotes.

Please test this patch.  Works for all above tests as well as doesn't break
on
non-terminated quotes and filenames ending with a \.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=517

jason at devrandom.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #264 is|0                           |1
           obsolete|                            |



------- Additional Comments From jason at devrandom.org  2003-03-31 11:36
-------
Created an attachment (id=265)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=265&action=view)
Patch for bux - minor fixes

Replaces check for " with quot for correct behavior.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.