Andrew Mortensen
2003-Sep-18 19:07 UTC
sftp quote parsing broken in OpenSSH 3.7.1 portable
In 3.7.1 portable, sftp no longer correctly parses filenames enclosed
in quotation marks. Below is an short transcript describing the bug.
sftp> ls
. ..
test_archive.tgz
sftp> get "test_archive.tgz"
Unterminated quote
sftp> get "test_archive.tgz" "test_archive.tgz"
Fetching /Users/admorten/testdir/test_archive.tgz to
/Users/admorten/testdir/test_archive.tgz 100% 773KB 0.0KB/s
00:00
sftp> lls -l
total 780
-rw-r--r-- 1 admorten staff 791161 Sep 18 14:49
sftp> get test_archive.tgz
Fetching /Users/admorten/testdir/test_archive.tgz to test_archive.tgz
/Users/admorten/testdir/test_archive.tgz 100% 773KB 0.0KB/s
00:00
sftp> lls -l
total 1560
-rw-r--r-- 1 admorten staff 791161 Sep 18 14:49
-rw-r--r-- 1 admorten staff 791161 Sep 18 14:51 test_archive.tgz
sftp>
--
The problem is that the position counter in sftp-int.c is not
incremented when the terminating quote is located. This causes the
"Unterminated quote" error when no destination is given. When a
destination is given, and is also wrapped in quotes, the characters
between the terminating quote of the source and the beginning quote of
the destination are taken to be the destination filename, resulting in
writes, above, to a file named " ". This behavior can also be
demonstrated using only three quotes:
sftp> get "test_archive.tgz"New_test_archive.tgz"
Fetching /Users/admorten/testdir/test_archive.tgz to
New_test_archive.tgz
/Users/admorten/testdir/test_archive.tgz 100% 773KB 0.0KB/s
00:00
sftp> lls -l
total 2340
-rw-r--r-- 1 admorten staff 791161 Sep 18 14:49
-rw-r--r-- 1 admorten staff 791161 Sep 18 14:57
New_test_archive.tgz
-rw-r--r-- 1 admorten staff 791161 Sep 18 14:51 test_archive.tgz
sftp>
Below is a patch fixing the increment:
--- sftp-int-orig.c Thu Sep 18 13:52:40 2003
+++ sftp-int.c Thu Sep 18 13:53:11 2003
@@ -351,6 +351,7 @@
for (i = j = 0; i <= strlen(cp); i++) {
if (cp[i] == quot) { /* Found quote */
(*path)[j] = '\0';
+ i++;
break;
}
if (cp[i] == '\0') { /* End of string */
andrew
Seemingly Similar Threads
- [Bug 690] sftp quoted filename parsing bug in get and put commands
- saving from word & excel
- [Bug 777] sftp can't be used with s/key names on OpenBSD
- The exclude option of Rsync not work right.
- [Bug 11545] New: -A (preserve ACLs) with --link-dest=DIR fails when DIR has a directory with the same file's name
Wisdom of the Ancients
