X-Git-Url: https://git.distorted.org.uk/u/mdw/putty/blobdiff_plain/75cab8143b83245f207db6dce43878827465b0fd..8df7a775f6f8b0f81f84eafe28cd0bb8d4c6d1f4:/scp.c

diff --git a/scp.c b/scp.c
index ad1e69a4..81f925bb 100644
--- a/scp.c
+++ b/scp.c
@@ -26,6 +26,8 @@
 
 #define PUTTY_DO_GLOBALS
 #include "putty.h"
+#include "winstuff.h"
+#include "storage.h"
 
 #define TIME_POSIX_TO_WIN(t, ft) (*(LONGLONG*)&(ft) = \
 	((LONGLONG) (t) + (LONGLONG) 11644473600) * (LONGLONG) 10000000)
@@ -63,7 +65,7 @@ static char *gui_hwnd = NULL;
 
 static void source(char *src);
 static void rsource(char *src);
-static void sink(char *targ);
+static void sink(char *targ, char *src);
 /* GUI Adaptation - Sept 2000 */
 static void tell_char(FILE *stream, char c);
 static void tell_str(FILE *stream, char *str);
@@ -72,13 +74,76 @@ static void send_char_msg(unsigned int msg_id, char c);
 static void send_str_msg(unsigned int msg_id, char *str);
 static void gui_update_stats(char *name, unsigned long size, int percentage, time_t elapsed);
 
-/*
- * These functions are needed to link with other modules, but
- * (should) never get called.
- */
 void begin_session(void) { }
-void write_clip (void *data, int len) { }
-void term_deselect(void) { }
+void logevent(char *string) { }
+
+void verify_ssh_host_key(char *host, int port, char *keytype,
+                         char *keystr, char *fingerprint) {
+    int ret;
+
+    static const char absentmsg[] =
+        "The server's host key is not cached in the registry. You\n"
+        "have no guarantee that the server is the computer you\n"
+        "think it is.\n"
+        "The server's key fingerprint is:\n"
+        "%s\n"
+        "If you trust this host, enter \"y\" to add the key to\n"
+        "PuTTY's cache and carry on connecting.\n"
+        "If you do not trust this host, enter \"n\" to abandon the\n"
+        "connection.\n"
+        "Continue connecting? (y/n) ";
+
+    static const char wrongmsg[] =
+        "WARNING - POTENTIAL SECURITY BREACH!\n"
+        "The server's host key does not match the one PuTTY has\n"
+        "cached in the registry. This means that either the\n"
+        "server administrator has changed the host key, or you\n"
+        "have actually connected to another computer pretending\n"
+        "to be the server.\n"
+        "The new key fingerprint is:\n"
+        "%s\n"
+        "If you were expecting this change and trust the new key,\n"
+        "enter Yes to update PuTTY's cache and continue connecting.\n"
+        "If you want to carry on connecting but without updating\n"
+        "the cache, enter No.\n"
+        "If you want to abandon the connection completely, press\n"
+        "Return to cancel. Pressing Return is the ONLY guaranteed\n"
+        "safe choice.\n"
+        "Update cached key? (y/n, Return cancels connection) ";
+
+    static const char abandoned[] = "Connection abandoned.\n";
+
+    char line[32];
+
+    /*
+     * Verify the key against the registry.
+     */
+    ret = verify_host_key(host, port, keytype, keystr);
+
+    if (ret == 0)                      /* success - key matched OK */
+        return;
+    if (ret == 2) {                    /* key was different */
+        fprintf(stderr, wrongmsg, fingerprint);
+        if (fgets(line, sizeof(line), stdin) &&
+            line[0] != '\0' && line[0] != '\n') {
+            if (line[0] == 'y' || line[0] == 'Y')
+                store_host_key(host, port, keytype, keystr);
+        } else {
+            fprintf(stderr, abandoned);
+            exit(0);
+        }
+    }
+    if (ret == 1) {                    /* key was absent */
+        fprintf(stderr, absentmsg, fingerprint);
+        if (fgets(line, sizeof(line), stdin) &&
+            (line[0] == 'y' || line[0] == 'Y'))
+            store_host_key(host, port, keytype, keystr);
+        else {
+            fprintf(stderr, abandoned);
+            exit(0);
+        }
+    }
+}
 
 /* GUI Adaptation - Sept 2000 */
 static void send_msg(HWND h, UINT message, WPARAM wParam)
@@ -177,24 +242,43 @@ void connection_fatal(char *fmt, ...)
 }
 
 /*
+ * Be told what socket we're supposed to be using.
+ */
+static SOCKET scp_ssh_socket;
+char *do_select(SOCKET skt, int startup) {
+    if (startup)
+	scp_ssh_socket = skt;
+    else
+	scp_ssh_socket = INVALID_SOCKET;
+    return NULL;
+}
+extern int select_result(WPARAM, LPARAM);
+
+/*
  * Receive a block of data from the SSH link. Block until all data
  * is available.
  *
  * To do this, we repeatedly call the SSH protocol module, with our
- * own trap in term_out() to catch the data that comes back. We do
- * this until we have enough data.
+ * own trap in from_backend() to catch the data that comes back. We
+ * do this until we have enough data.
  */
+
 static unsigned char *outptr;          /* where to put the data */
 static unsigned outlen;                /* how much data required */
 static unsigned char *pending = NULL;  /* any spare data */
 static unsigned pendlen=0, pendsize=0; /* length and phys. size of buffer */
-void term_out(void) {
+void from_backend(int is_stderr, char *data, int datalen) {
+    unsigned char *p = (unsigned char *)data;
+    unsigned len = (unsigned)datalen;
+
     /*
-     * Here we must deal with a block of data, in `inbuf', size
-     * `inbuf_head'.
+     * stderr data is just spouted to local stderr and otherwise
+     * ignored.
      */
-    unsigned char *p = inbuf;
-    unsigned len = inbuf_head;
+    if (is_stderr) {
+	fwrite(data, 1, len, stderr);
+	return;
+    }
 
     inbuf_head = 0;
 
@@ -225,8 +309,6 @@ void term_out(void) {
     }
 }
 static int ssh_scp_recv(unsigned char *buf, int len) {
-    SOCKET s;
-
     outptr = buf;
     outlen = len;
 
@@ -254,17 +336,12 @@ static int ssh_scp_recv(unsigned char *buf, int len) {
 
     while (outlen > 0) {
         fd_set readfds;
-        s = back->socket();
-        if (s == INVALID_SOCKET) {
-            connection_open = FALSE;
-            return 0;
-        }
+
         FD_ZERO(&readfds);
-        FD_SET(s, &readfds);
+        FD_SET(scp_ssh_socket, &readfds);
         if (select(1, &readfds, NULL, NULL, NULL) < 0)
             return 0;                  /* doom */
-        back->msg(0, FD_READ);
-        term_out();
+        select_result((WPARAM)scp_ssh_socket, (LPARAM)FD_READ);
     }
 
     return len;
@@ -274,19 +351,15 @@ static int ssh_scp_recv(unsigned char *buf, int len) {
  * Loop through the ssh connection and authentication process.
  */
 static void ssh_scp_init(void) {
-    SOCKET s;
-
-    s = back->socket();
-    if (s == INVALID_SOCKET)
+    if (scp_ssh_socket == INVALID_SOCKET)
 	return;
     while (!back->sendok()) {
         fd_set readfds;
         FD_ZERO(&readfds);
-        FD_SET(s, &readfds);
+        FD_SET(scp_ssh_socket, &readfds);
         if (select(1, &readfds, NULL, NULL, NULL) < 0)
             return;                    /* doom */
-        back->msg(0, FD_READ);
-        term_out();
+        select_result((WPARAM)scp_ssh_socket, (LPARAM)FD_READ);
     }
 }
 
@@ -368,7 +441,7 @@ static void do_cmd(char *host, char *user, char *cmd)
 	bump("Empty host name");
 
     /* Try to load settings for this host */
-    do_defaults(host);
+    do_defaults(host, &cfg);
     if (cfg.host[0] == '\0') {
 	/* No settings for this host; use defaults */
 	strncpy(cfg.host, host, sizeof(cfg.host)-1);
@@ -396,7 +469,7 @@ static void do_cmd(char *host, char *user, char *cmd)
 
     back = &ssh_backend;
 
-    err = back->init(NULL, cfg.host, cfg.port, &realhost);
+    err = back->init(cfg.host, cfg.port, &realhost);
     if (err != NULL)
 	bump("ssh_init: %s", err);
     ssh_scp_init();
@@ -514,7 +587,7 @@ static void run_err(const char *fmt, ...)
     va_list ap;
     va_start(ap, fmt);
     errs++;
-    strcpy(str, "\01scp: ");
+    strcpy(str, "scp: ");
     vsprintf(str+strlen(str), fmt, ap);
     strcat(str, "\n");
     back->send(str, strlen(str));
@@ -686,7 +759,7 @@ static void rsource(char *src)
 /*
  *  Execute the sink part of the SCP protocol.
  */
-static void sink(char *targ)
+static void sink(char *targ, char *src)
 {
     char buf[2048];
     char namebuf[2048];
@@ -754,12 +827,23 @@ static void sink(char *targ)
 
 	if (sscanf(buf+1, "%u %lu %[^\n]", &mode, &size, namebuf) != 3)
 	    bump("Protocol error: Illegal file descriptor format");
+	/* Security fix: ensure the file ends up where we asked for it. */
+	if (src) {
+	    char *p = src + strlen(src);
+	    while (p > src && p[-1] != '/' && p[-1] != '\\')
+		p--;
+	    strcpy(namebuf, p);
+	}
 	if (targisdir) {
 	    char t[2048];
+	    char *p;
 	    strcpy(t, targ);
 	    if (targ[0] != '\0')
 		strcat(t, "/");
-	    strcat(t, namebuf);
+	    p = namebuf + strlen(namebuf);
+	    while (p > namebuf && p[-1] != '/' && p[-1] != '\\')
+		p--;
+	    strcat(t, p);
 	    strcpy(namebuf, t);
 	} else {
 	    strcpy(namebuf, targ);
@@ -779,7 +863,7 @@ static void sink(char *targ)
 		    continue;
 		}
 	    }
-	    sink(namebuf);
+	    sink(namebuf, NULL);
 	    /* can we set the timestamp for directories ? */
 	    continue;
 	}
@@ -992,7 +1076,7 @@ static void tolocal(int argc, char *argv[])
     do_cmd(host, user, cmd);
     sfree(cmd);
 
-    sink(targ);
+    sink(targ, src);
 }
 
 /*
@@ -1099,6 +1183,7 @@ int main(int argc, char *argv[])
     flags = FLAG_STDERR;
     ssh_get_password = &get_password;
     init_winsock();
+    sk_init();
 
     for (i = 1; i < argc; i++) {
 	if (argv[i][0] != '-')