From 5fd38c0ed985d7d699e6be1ff5d211cac130b71e Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 26 May 2005 12:02:14 +1000 Subject: [PATCH] - djm@cvs.openbsd.org 2005/04/09 04:32:54 [misc.c misc.h tildexpand.c Makefile.in] replace tilde_expand_filename with a simpler implementation, ahead of more whacking; ok deraadt@ --- ChangeLog | 6 ++++- Makefile.in | 4 +-- misc.c | 47 ++++++++++++++++++++++++++++++++- misc.h | 7 ++--- tildexpand.c | 73 ---------------------------------------------------- 5 files changed, 55 insertions(+), 82 deletions(-) delete mode 100644 tildexpand.c diff --git a/ChangeLog b/ChangeLog index 7712c31c9..b60dedef8 100644 --- a/ChangeLog +++ b/ChangeLog @@ -12,6 +12,10 @@ [ssh.c] Fix debug call for port forwards; patch from pete at seebeyond.com, ok djm@ (ID sync only - change already in portable) + - djm@cvs.openbsd.org 2005/04/09 04:32:54 + [misc.c misc.h tildexpand.c Makefile.in] + replace tilde_expand_filename with a simpler implementation, ahead of + more whacking; ok deraadt@ 20050524 - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec] @@ -2511,4 +2515,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3764 2005/05/26 02:01:22 djm Exp $ +$Id: ChangeLog,v 1.3765 2005/05/26 02:02:14 djm Exp $ diff --git a/Makefile.in b/Makefile.in index 3351d64d5..b8a01d2f8 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.271 2005/05/26 01:35:38 djm Exp $ +# $Id: Makefile.in,v 1.272 2005/05/26 02:02:15 djm Exp $ # uncomment if you run a non bourne compatable shell. Ie. csh #SHELL = @SH@ @@ -67,7 +67,7 @@ LIBSSH_OBJS=acss.o authfd.o authfile.o bufaux.o buffer.o \ cipher-bf1.o cipher-ctr.o cipher-3des1.o cleanup.o \ compat.o compress.o crc32.o deattack.o fatal.o hostfile.o \ log.o match.o moduli.o nchan.o packet.o \ - readpass.o rsa.o tildexpand.o ttymodes.o xmalloc.o \ + readpass.o rsa.o ttymodes.o xmalloc.o \ atomicio.o key.o dispatch.o kex.o mac.o uidswap.o uuencode.o misc.o \ monitor_fdpass.o rijndael.o ssh-dss.o ssh-rsa.o dh.o kexdh.o \ kexgex.o kexdhc.o kexgexc.o scard.o msg.o progressmeter.o dns.o \ diff --git a/misc.c b/misc.c index 7adbcea1c..4bc07a42a 100644 --- a/misc.c +++ b/misc.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: misc.c,v 1.29 2005/03/10 22:01:05 deraadt Exp $"); +RCSID("$OpenBSD: misc.c,v 1.30 2005/04/09 04:32:54 djm Exp $"); #include "misc.h" #include "log.h" @@ -375,6 +375,51 @@ addargs(arglist *args, char *fmt, ...) args->list[args->num] = NULL; } +/* + * Expands tildes in the file name. Returns data allocated by xmalloc. + * Warning: this calls getpw*. + */ +char * +tilde_expand_filename(const char *filename, uid_t uid) +{ + const char *path; + char user[128], ret[MAXPATHLEN]; + struct passwd *pw; + int len; + + if (*filename != '~') + return (xstrdup(filename)); + filename++; + + path = strchr(filename, '/'); + if (path != NULL && path > filename) { /* ~user/path */ + if (path - filename > sizeof(user) - 1) + fatal("tilde_expand_filename: ~username too long"); + memcpy(user, filename, path - filename); + user[path - filename] = '\0'; + if ((pw = getpwnam(user)) == NULL) + fatal("tilde_expand_filename: No such user %s", user); + } else if ((pw = getpwuid(uid)) == NULL) /* ~/path */ + fatal("tilde_expand_filename: No such uid %d", uid); + + if (strlcpy(ret, pw->pw_dir, sizeof(ret)) >= sizeof(ret)) + fatal("tilde_expand_filename: Path too long"); + + /* Make sure directory has a trailing '/' */ + len = strlen(pw->pw_dir); + if ((len == 0 || pw->pw_dir[len - 1] != '/') && + strlcat(ret, "/", sizeof(ret)) >= sizeof(ret)) + fatal("tilde_expand_filename: Path too long"); + + /* Skip leading '/' from specified path */ + if (path != NULL) + filename = path + 1; + if (strlcat(ret, filename, sizeof(ret)) >= sizeof(ret)) + fatal("tilde_expand_filename: Path too long"); + + return (xstrdup(ret)); +} + /* * Read an entire line from a public key file into a static buffer, discarding * lines that exceed the buffer size. Returns 0 on success, -1 on failure. diff --git a/misc.h b/misc.h index 8bbc87f0d..798d80fbf 100644 --- a/misc.h +++ b/misc.h @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.h,v 1.21 2005/03/01 10:09:52 djm Exp $ */ +/* $OpenBSD: misc.h,v 1.22 2005/04/09 04:32:54 djm Exp $ */ /* * Author: Tatu Ylonen @@ -24,6 +24,7 @@ char *hpdelim(char **); char *cleanhostname(char *); char *colon(char *); long convtime(const char *); +char *tilde_expand_filename(const char *, uid_t); struct passwd *pwcopy(struct passwd *); @@ -35,10 +36,6 @@ struct arglist { }; void addargs(arglist *, char *, ...) __attribute__((format(printf, 2, 3))); -/* tildexpand.c */ - -char *tilde_expand_filename(const char *, uid_t); - /* readpass.c */ #define RP_ECHO 0x0001 diff --git a/tildexpand.c b/tildexpand.c deleted file mode 100644 index cedb653b2..000000000 --- a/tildexpand.c +++ /dev/null @@ -1,73 +0,0 @@ -/* - * Author: Tatu Ylonen - * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland - * All rights reserved - * - * As far as I am concerned, the code I have written for this software - * can be used freely for any purpose. Any derived versions of this - * software must be clearly marked as such, and if the derived work is - * incompatible with the protocol description in the RFC file, it must be - * called by a name other than "ssh" or "Secure Shell". - */ - -#include "includes.h" -RCSID("$OpenBSD: tildexpand.c,v 1.15 2004/05/21 08:43:03 markus Exp $"); - -#include "xmalloc.h" -#include "log.h" -#include "misc.h" - -/* - * Expands tildes in the file name. Returns data allocated by xmalloc. - * Warning: this calls getpw*. - */ -char * -tilde_expand_filename(const char *filename, uid_t my_uid) -{ - const char *cp; - u_int userlen; - char *expanded; - struct passwd *pw; - char user[100]; - int len; - - /* Return immediately if no tilde. */ - if (filename[0] != '~') - return xstrdup(filename); - - /* Skip the tilde. */ - filename++; - - /* Find where the username ends. */ - cp = strchr(filename, '/'); - if (cp) - userlen = cp - filename; /* Something after username. */ - else - userlen = strlen(filename); /* Nothing after username. */ - if (userlen == 0) - pw = getpwuid(my_uid); /* Own home directory. */ - else { - /* Tilde refers to someone elses home directory. */ - if (userlen > sizeof(user) - 1) - fatal("User name after tilde too long."); - memcpy(user, filename, userlen); - user[userlen] = 0; - pw = getpwnam(user); - } - if (!pw) - fatal("Unknown user %100s.", user); - - /* If referring to someones home directory, return it now. */ - if (!cp) { - /* Only home directory specified */ - return xstrdup(pw->pw_dir); - } - /* Build a path combining the specified directory and path. */ - len = strlen(pw->pw_dir) + strlen(cp + 1) + 2; - if (len > MAXPATHLEN) - fatal("Home directory too long (%d > %d", len-1, MAXPATHLEN-1); - expanded = xmalloc(len); - snprintf(expanded, len, "%s%s%s", pw->pw_dir, - strcmp(pw->pw_dir, "/") ? "/" : "", cp + 1); - return expanded; -}