Commit Graph

140 Commits

Author SHA1 Message Date
Damien Miller 89f04852db on Cygwin, check paths from server for backslashes
Pointed out by Jann Horn of Google Project Zero
2017-03-20 11:53:34 +11:00
djm@openbsd.org c7995f296b upstream commit
check number of entries in SSH2_FXP_NAME response; avoids
unreachable overflow later. Reported by Jann Horn

Upstream-ID: b6b2b434a6d6035b1644ca44f24cd8104057420f
2017-01-04 13:23:04 +11:00
deraadt@openbsd.org 9136ec134c upstream commit
Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then
use those definitions rather than pulling <sys/param.h> and unknown namespace
pollution. ok djm markus dtucker

Upstream-ID: 712cafa816c9f012a61628b66b9fbd5687223fb8
2016-09-12 13:46:29 +10:00
schwarze@openbsd.org 0e059cdf5f upstream commit
To prevent screwing up terminal settings when printing to
 the terminal, for ASCII and UTF-8, escape bytes not forming characters and
 bytes forming non-printable characters with vis(3) VIS_OCTAL. For other
 character sets, abort printing of the current string in these cases.  In
 particular, * let scp(1) respect the local user's LC_CTYPE locale(1); *
 sanitize data received from the remote host; * sanitize filenames, usernames,
 and similar data even locally; * take character display widths into account
 for the progressmeter.

This is believed to be sufficient to keep the local terminal safe
on OpenBSD, but bad things can still happen on other systems with
state-dependent locales because many places in the code print
unencoded ASCII characters into the output stream.

Using feedback from djm@ and martijn@,
various aspects discussed with many others.

deraadt@ says it should go in now, i probably already hesitated too long

Upstream-ID: e66afbc94ee396ddcaffd433b9a3b80f387647e0
2016-06-06 11:27:38 +10:00
djm@openbsd.org 1a31d02b24 upstream commit
fix signed/unsigned errors reported by clang-3.7; add
 sshbuf_dup_string() to replace a common idiom of strdup(sshbuf_ptr()) with
 better safety checking; feedback and ok markus@

Upstream-ID: 71f926d9bb3f1efed51319a6daf37e93d57c8820
2016-05-02 20:35:04 +10:00
djm@openbsd.org 34a01b2cf7 upstream commit
whitespace at EOL

Upstream-ID: 5beffd4e001515da12851b974e2323ae4aa313b6
2016-04-08 18:21:51 +10:00
djm@openbsd.org e30cabfa4a upstream commit
fix regression in openssh-6.8 sftp client: existing
 destination directories would incorrectly terminate recursive uploads;
 bz#2528

Upstream-ID: 3306be469f41f26758e3d447987ac6d662623e18
2016-02-11 13:22:05 +11:00
djm@openbsd.org 9cc6842493 upstream commit
add error message on ftruncate failure; bz#2176

Upstream-ID: cbcc606e0b748520c74a210d8f3cc9718d3148cf
2015-05-28 18:54:55 +10:00
jsg@openbsd.org 64a89ec076 upstream commit
fix a memory leak in an error path ok markus@ dtucker@

Upstream-ID: bc1da0f205494944918533d8780fde65dff6c598
2015-05-25 09:49:46 +10:00
deraadt@openbsd.org 657a5fbc0d upstream commit
rename xrealloc() to xreallocarray() since it follows
 that form. ok djm
2015-04-29 18:15:23 +10:00
deraadt@openbsd.org 087266ec33 upstream commit
Reduce use of <sys/param.h> and transition to <limits.h>
 throughout. ok djm markus
2015-01-26 23:58:53 +11:00
djm@openbsd.org 7d845f4a0b upstream commit
update sftp client and server to new buffer API. pretty
 much just mechanical changes; with & ok markus
2015-01-15 02:22:18 +11:00
Damien Miller d8accc0aa7 - logan@cvs.openbsd.org 2014/04/21 14:36:16
[sftp-client.c sftp-client.h sftp.c]
     Implement sftp upload resume support.
     OK from djm@, with input from guenther@, mlarkin@ and
     okan@
2014-05-15 13:46:25 +10:00
Damien Miller 1d2c456426 - tedu@cvs.openbsd.org 2014/01/31 16:39:19
[auth2-chall.c authfd.c authfile.c bufaux.c bufec.c canohost.c]
     [channels.c cipher-chachapoly.c clientloop.c configure.ac hostfile.c]
     [kexc25519.c krl.c monitor.c sandbox-systrace.c session.c]
     [sftp-client.c ssh-keygen.c ssh.c sshconnect2.c sshd.c sshlogin.c]
     [openbsd-compat/explicit_bzero.c openbsd-compat/openbsd-compat.h]
     replace most bzero with explicit_bzero, except a few that cna be memset
     ok djm dtucker
2014-02-04 11:18:20 +11:00
Darren Tucker 5f1c57a7a7 - djm@cvs.openbsd.org 2014/01/17 00:21:06
[sftp-client.c]
     signed/unsigned comparison warning fix; from portable (Id sync only)
2014-01-17 16:29:45 +11:00
Damien Miller c3d483f9a8 - (djm) [sftp-client.c] signed/unsigned comparison fix 2014-01-17 11:20:26 +11:00
Damien Miller 52c371cd6d - djm@cvs.openbsd.org 2014/01/16 07:31:09
[sftp-client.c]
     needless and incorrect cast to size_t can break resumption of
     large download; patch from tobias@
2014-01-16 18:42:10 +11:00
Damien Miller 393920745f - djm@cvs.openbsd.org 2013/12/05 22:59:45
[sftp-client.c]
     fix memory leak in error path in do_readdir(); pointed out by
     Loganaden Velvindron @ AfriNIC in bz#2163
2013-12-07 10:31:08 +11:00
Damien Miller 9275df3e0a - djm@cvs.openbsd.org 2013/12/04 04:20:01
[sftp-client.c]
     bz#2171: don't leak local_fd on error; from Loganaden Velvindron @
     AfriNIC
2013-12-05 10:26:32 +11:00
Damien Miller 0600c7020f - dtucker@cvs.openbsd.org 2013/11/08 11:15:19
[bufaux.c bufbn.c buffer.c sftp-client.c sftp-common.c sftp-glob.c]
     [uidswap.c] Include stdlib.h for free() as per the man page.
2013-11-21 13:55:43 +11:00
Damien Miller 6c81fee693 - djm@cvs.openbsd.org 2013/11/08 00:39:15
[auth-options.c auth2-chall.c authfd.c channels.c cipher-3des1.c]
     [clientloop.c gss-genr.c monitor_mm.c packet.c schnorr.c umac.c]
     [sftp-client.c sftp-glob.c]
     use calloc for all structure allocations; from markus@
2013-11-08 12:19:55 +11:00
Damien Miller f29238e674 - djm@cvs.openbsd.org 2013/10/17 00:30:13
[PROTOCOL sftp-client.c sftp-client.h sftp-server.c sftp.1 sftp.c]
     fsync@openssh.com protocol extension for sftp-server
     client support to allow calling fsync() faster successful transfer
     patch mostly by imorgan AT nas.nasa.gov; bz#1798
     "fine" markus@ "grumble OK" deraadt@ "doesn't sound bad to me" millert@
2013-10-17 11:48:52 +11:00
Damien Miller 2f93d0556e - djm@cvs.openbsd.org 2013/10/11 02:52:23
[sftp-client.c]
     missed one arg reorder
2013-10-15 12:06:27 +11:00
Damien Miller bda5c84457 - djm@cvs.openbsd.org 2013/10/11 02:45:36
[sftp-client.c]
     rename flag arguments to be more clear and consistent.
     reorder some internal function arguments to make adding additional flags
     easier.
     no functional change
2013-10-15 12:05:58 +11:00
Darren Tucker b59aaf3c4f - djm@cvs.openbsd.org 2013/09/19 00:49:12
[sftp-client.c]
     fix swapped pflag and printflag in sftp upload_dir; from Iain Morgan
2013-10-10 10:26:21 +11:00
Damien Miller fec029f1dc - djm@cvs.openbsd.org 2013/08/09 03:39:13
[sftp-client.c]
     two problems found by a to-be-committed regress test: 1) msg_id was not
     being initialised so was starting at a random value from the heap
     (harmless, but confusing). 2) some error conditions were not being
     propagated back to the caller
2013-08-21 02:42:12 +10:00
Damien Miller c7dba12bf9 - djm@cvs.openbsd.org 2013/08/08 05:04:03
[sftp-client.c sftp-client.h sftp.c]
     add a "-l" flag for the rename command to force it to use the silly
     standard SSH_FXP_RENAME command instead of the POSIX-rename- like
     posix-rename@openssh.com extension.

     intended for use in regress tests, so no documentation.
2013-08-21 02:41:15 +10:00
Tim Rice ed899eb597 - (tim) [sftp-client.c] Use of a gcc extension trips up native compilers on
Solaris and UnixWare. Feedback and OK djm@
2013-07-25 15:40:00 -07:00
Damien Miller 0d032419ee - djm@cvs.openbsd.org 2013/07/25 00:56:52
[sftp-client.c sftp-client.h sftp.1 sftp.c]
     sftp support for resuming partial downloads; patch mostly by Loganaden
     Velvindron/AfriNIC with some tweaks by me; feedback and ok dtucker@
2013-07-25 11:56:52 +10:00
Darren Tucker c9a1991b95 - dtucker@cvs.openbsd.org 2013/06/01 22:34:50
[sftp-client.c]
     Update progressmeter when data is acked, not when it's sent.  bz#2108, from
     Debian via Colin Watson, ok djm@
2013-06-02 08:37:05 +10:00
Darren Tucker 3750fce6ac - dtucker@cvs.openbsd.org 2013/06/01 20:59:25
[scp.c sftp-client.c]
     Replace S_IWRITE, which isn't standardized, with S_IWUSR, which is.  Patch
     from Nathan Osman via bz#2113.  ok deraadt.

(note: corrected bug number from 2085)
2013-06-02 07:52:21 +10:00
Darren Tucker a627d42e51 - djm@cvs.openbsd.org 2013/05/17 00:13:13
[xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c
     ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c
     gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c
     auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c
     servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c
     auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c
     sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c
     kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c
     kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c
     monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c
     ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c
     sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c
     ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c
     dns.c packet.c readpass.c authfd.c moduli.c]
     bye, bye xfree(); ok markus@
2013-06-02 07:31:17 +10:00
Darren Tucker 4908d44e67 - dtucker@cvs.openbsd.org 2012/07/02 12:13:26
[ssh-pkcs11-helper.c sftp-client.c]
     fix a couple of "assigned but not used" warnings.  ok markus@
2012-07-02 22:15:38 +10:00
Damien Miller 57c38ac7d5 - markus@cvs.openbsd.org 2011/09/12 08:46:15
[sftp-client.c]
     fix leak in do_lsreaddir(); ok djm
2011-09-22 21:42:45 +10:00
Damien Miller 3decdba425 - markus@cvs.openbsd.org 2011/09/11 16:07:26
[sftp-client.c]
     fix leaks in do_hardlink() and do_readlink(); bz#1921
     from Loganaden Velvindron
2011-09-22 21:41:05 +10:00
Darren Tucker af1f909254 - djm@cvs.openbsd.org 2010/12/04 00:18:01
[sftp-server.c sftp.1 sftp-client.h sftp.c PROTOCOL sftp-client.c]
     add a protocol extension to support a hard link operation. It is
     available through the "ln" command in the client. The old "ln"
     behaviour of creating a symlink is available using its "-s" option
     or through the preexisting "symlink" command; based on a patch from
     miklos AT szeredi.hu in bz#1555; ok markus@
2010-12-05 09:02:47 +11:00
Damien Miller 65e42f87fe - djm@cvs.openbsd.org 2010/09/22 22:58:51
[atomicio.c atomicio.h misc.c misc.h scp.c sftp-client.c]
     [sftp-client.h sftp.1 sftp.c]
     add an option per-read/write callback to atomicio

     factor out bandwidth limiting code from scp(1) into a generic bandwidth
     limiter that can be attached using the atomicio callback mechanism

     add a bandwidth limit option to sftp(1) using the above
     "very nice" markus@
2010-09-24 22:15:11 +10:00
Damien Miller c4bb91c79c - djm@cvs.openbsd.org 2010/07/19 03:16:33
[sftp-client.c]
     bz#1797: fix swapped args in upload_dir_internal(), breaking recursive
     upload depth checks and causing verbose printing of transfers to always
     be turned on; patch from imorgan AT nas.nasa.gov
2010-08-03 16:04:22 +10:00
Damien Miller 495663165f - djm@cvs.openbsd.org 2010/06/18 04:43:08
[sftp-client.c]
     fix memory leak in do_realpath() error path; bz#1771, patch from
     anicka AT suse.cz
2010-06-26 09:38:23 +10:00
Darren Tucker 438b47320c - dtucker@cvs.openbsd.org 2009/10/11 10:41:26
[sftp-client.c]
     d_type isn't portable so use lstat to get dirent modes.  Suggested by and
     "looks sane" deraadt@
2009-10-11 21:52:10 +11:00
Darren Tucker c182d99376 - (dtucker) [configure.ac sftp-client.c] Remove the gyrations required for
dirent d_type and DTTOIF as we've switched OpenBSD to the more portable
   lstat.
2009-10-11 21:50:20 +11:00
Darren Tucker 538738d861 - (dtucker) d_type is not mandated by POSIX, so add fallback code using
stat(), needed on at least cygwin.
2009-10-07 18:56:10 +11:00
Darren Tucker 4adeac764e - (dtucker) [configure.ac sftp-client.c] DOTTIF is in fs/ffs/dir.h on at
least dragonflybsd.
2009-10-07 15:49:48 +11:00
Darren Tucker 1b0dd17537 - djm@cvs.openbsd.org 2009/08/18 18:36:21
[sftp-client.h sftp.1 sftp-client.c sftp.c]
     recursive transfer support for get/put and on the commandline
     work mostly by carlosvsilvapt@gmail.com for the Google Summer of Code
     with some tweaks by me; "go for it" deraadt@
2009-10-07 08:37:48 +11:00
Darren Tucker c22f090a2f - djm@cvs.openbsd.org 2009/08/14 18:17:49
[sftp-client.c]
     make the "get_handle: ..." error messages vaguely useful by allowing
     callers to specify their own error message strings.
2009-10-07 08:24:19 +11:00
Darren Tucker 821d3dbe36 - dtucker@cvs.openbsd.org 2009/06/22 05:39:28
[monitor_wrap.c monitor_mm.c ssh-keygen.c auth2.c gss-genr.c sftp-client.c]
     alphabetize includes; reduces diff vs portable and style(9).
     ok stevesk djm
     (Id sync only; these were already in order in -portable)
2009-06-22 16:11:06 +10:00
Damien Miller d8968adb5f - (djm) [atomicio.c channels.c clientloop.c defines.h includes.h]
[packet.c scp.c serverloop.c sftp-client.c ssh-agent.c ssh-keyscan.c]
   [sshd.c] Explicitly handle EWOULDBLOCK wherever we handle EAGAIN, on
   some platforms (HP nonstop) it is a distinct errno;
   bz#1467 reported by sconeu AT yahoo.com; ok dtucker@
2008-07-04 23:10:49 +10:00
Damien Miller 9e720284fe - djm@cvs.openbsd.org 2008/06/26 06:10:09
[sftp-client.c sftp-server.c]
     allow the sftp chmod(2)-equivalent operation to set set[ug]id/sticky
     bits. Note that this only affects explicit setting of modes (e.g. via
     sftp(1)'s chmod command) and not file transfers. (bz#1310)
     ok deraadt@ at c2k8
2008-06-29 22:46:35 +10:00
Darren Tucker a64ab33f04 - djm@cvs.openbsd.org 2008/06/12 20:47:04
[sftp-client.c]
     print extension revisions for extensions that we understand
2008-06-13 07:01:29 +10:00
Darren Tucker 7b598892be - dtucker@cvs.openbsd.org 2008/06/08 20:15:29
[sftp.c sftp-client.c sftp-client.h]
     Have the sftp client store the statvfs replies in wire format,
     which prevents problems when the server's native sizes exceed the
     client's.
     Also extends the sizes of the remaining 32bit wire format to 64bit,
     they're specified as unsigned long in the standard.
2008-06-09 22:49:36 +10:00