X-Git-Url: https://git.distorted.org.uk/u/mdw/putty/blobdiff_plain/90a14a09e9d86c5de8f3985227aa65a6a49c87cc..0965bee0865fd8ea129b2de62a3c50e09c59a184:/scp.c diff --git a/scp.c b/scp.c index 0f20b256..c13be5ec 100644 --- a/scp.c +++ b/scp.c @@ -74,7 +74,6 @@ static void send_str_msg(unsigned int msg_id, char *str); static void gui_update_stats(char *name, unsigned long size, int percentage, unsigned long elapsed); -void begin_session(void) { } void logevent(char *string) { } void verify_ssh_host_key(char *host, int port, char *keytype, @@ -299,8 +298,8 @@ void from_backend(int is_stderr, char *data, int datalen) { if (len > 0) { if (pendsize < pendlen + len) { pendsize = pendlen + len + 4096; - pending = (pending ? realloc(pending, pendsize) : - malloc(pendsize)); + pending = (pending ? srealloc(pending, pendsize) : + smalloc(pendsize)); if (!pending) fatalbox("Out of memory"); } @@ -327,7 +326,7 @@ static int ssh_scp_recv(unsigned char *buf, int len) { pendlen -= pendused; if (pendlen == 0) { pendsize = 0; - free(pending); + sfree(pending); pending = NULL; } if (outlen == 0) @@ -377,7 +376,7 @@ static void bump(char *fmt, ...) strcat(str, "\n"); tell_str(stderr, str); - if (back->socket() != NULL) { + if (back != NULL && back->socket() != NULL) { char ch; back->special(TS_EOF); ssh_scp_recv(&ch, 1); @@ -436,6 +435,7 @@ static int get_password(const char *prompt, char *str, int maxlen) static void do_cmd(char *host, char *user, char *cmd) { char *err, *realhost; + DWORD namelen; if (host == NULL || host[0] == '\0') bump("Empty host name"); @@ -455,7 +455,15 @@ static void do_cmd(char *host, char *user, char *cmd) strncpy(cfg.username, user, sizeof(cfg.username)-1); cfg.username[sizeof(cfg.username)-1] = '\0'; } else if (cfg.username[0] == '\0') { - bump("Empty user name"); + namelen = 0; + if (GetUserName(user, &namelen) == FALSE) + bump("Empty user name"); + user = smalloc(namelen * sizeof(char)); + GetUserName(user, &namelen); + if (verbose) tell_user(stderr, "Guessing user name: %s", user); + strncpy(cfg.username, user, sizeof(cfg.username)-1); + cfg.username[sizeof(cfg.username)-1] = '\0'; + free(user); } if (cfg.protocol != PROT_SSH) @@ -828,12 +836,6 @@ static void sink(char *targ, char *src) if (sscanf(buf+1, "%u %lu %[^\n]", &mode, &size, namebuf) != 3) bump("Protocol error: Illegal file descriptor format"); /* Security fix: ensure the file ends up where we asked for it. */ - if (src) { - char *p = src + strlen(src); - while (p > src && p[-1] != '/' && p[-1] != '\\') - p--; - strcpy(namebuf, p); - } if (targisdir) { char t[2048]; char *p; @@ -1009,6 +1011,27 @@ static void toremote(int argc, char *argv[]) do { char *last; char namebuf[2048]; + /* + * Ensure that . and .. are never matched by wildcards, + * but only by deliberate action. + */ + if (!strcmp(fdat.cFileName, ".") || + !strcmp(fdat.cFileName, "..")) { + /* + * Find*File has returned a special dir. We require + * that _either_ `src' ends in a backslash followed + * by that string, _or_ `src' is precisely that + * string. + */ + int len = strlen(src), dlen = strlen(fdat.cFileName); + if (len == dlen && !strcmp(src, fdat.cFileName)) { + /* ok */; + } else if (len > dlen+1 && src[len-dlen-1] == '\\' && + !strcmp(src+len-dlen, fdat.cFileName)) { + /* ok */; + } else + continue; /* ignore this one */ + } if (strlen(src) + strlen(fdat.cFileName) >= sizeof(namebuf)) { tell_user(stderr, "%s: Name too long", src); @@ -1215,6 +1238,7 @@ int main(int argc, char *argv[]) } argc -= i; argv += i; + back = NULL; if (list) { if (argc != 1) @@ -1234,7 +1258,7 @@ int main(int argc, char *argv[]) tolocal(argc, argv); } - if (back->socket() != NULL) { + if (back != NULL && back->socket() != NULL) { char ch; back->special(TS_EOF); ssh_scp_recv(&ch, 1);