Ticket #71 (closed defect)

Opened 9 years ago

Last modified 8 years ago

libssh2_scp_* do not handle whitespace in file names

Reported by: heiner0 Owned by: bagder
Priority: normal Milestone:
Component: SCP Version:
Keywords: Cc: heiner0, bagder
Blocked By: Blocks:

Description

it seems that some libssh2 SCP functions do not correctly handle
whitespace in file names. When trying to copy a file named "with blanks"
using libssh2_scp_recv() I get an error message.

The reason is that libssh2 builds a "scp" command line that will be
run on the remote side, but does not take care to quote the file
name. It runs the equivalent of the following "ssh" command:

scp -f with blanks

instead of (note the quotation marks):

scp -f 'with blanks'

The code causing problems is in libssh2_scp_recv():

memcpy(session->scpRecv_command, "scp -f ", sizeof("scp -f ") - 1);
memcpy(session->scpRecv_command + sizeof("scp -f ") - 1, path,

path_len);

(Similar code is in libssh2_scp_send()).

Variable "path" should get correct quoting.

I attached the function shell_quotearg() that could be used for quoting
the path name.

Attachments

shell_quotearg.c (2.5 KB) - added by heiner0 9 years ago.
shell_quotearg.2.c (6.0 KB) - added by heiner0 9 years ago.
file name quoting for Bourne shell and CSH
shellquote.patch (9.6 KB) - added by heiner0 9 years ago.
Patch for allowing whitespace in file names

Download all attachments as: .zip

Change History

Changed 9 years ago by heiner0

Changed 9 years ago by heiner0

file name quoting for Bourne shell and CSH

comment:1 Changed 9 years ago by heiner0

The shell_quotearg() function had problems when the login shell of the remote
user was the C-Shell (csh). The new function works with CSH as well.
It includes a small test program: cc -DMAIN -o qtest shell_quotearg.c; ./qtest "someone's test"

File Added: shell_quotearg.c

comment:2 Changed 9 years ago by bagder

So can you please submit a complete patch that makes use of the code you suggest?

Changed 9 years ago by heiner0

Patch for allowing whitespace in file names

comment:3 Changed 9 years ago by heiner0

[This comment is the same as request 2233372]

The attached patch fixes

[1960894] libssh2_scp_* do not handle whitespace in file names

It introduces a new (private) function
libssh2_shell_quotearg()

for "quoting" a shell command argument (e.g. a file name). Example:
one two

gets converted to
'one two'

(note the single quotation marks).

The quoting style ensures that the results work with both Bourne Shell
derivates (sh, ksh, ksh93, bash, zsh) and C-Shell dialects (csh, tcsh).

The new (private) macro
libssh2_shell_quotedsize()

calculates the maximum size a quoted string can have; this is useful for
allocating a memory buffer for the results.

I've tested the code with
Linux: bash, ksh93, tcsh
Solaris: sh, bash, csh

File Added: shellquote.patch

comment:4 Changed 8 years ago by bagder

If you tell me your real name, I'll give you the proper credit in the changelogs etc!

comment:5 Changed 8 years ago by sf-robot

This Tracker item was closed automatically by the system. It was
previously set to a Pending status, and the original submitter
did not respond within 14 days (the time period specified by
the administrator of this Tracker).

Note: See TracTickets for help on using tickets.