X-Git-Url: https://git.distorted.org.uk/u/mdw/putty/blobdiff_plain/9520eba82befd328430269d889959f320bed46d5..8df7a775f6f8b0f81f84eafe28cd0bb8d4c6d1f4:/scp.c diff --git a/scp.c b/scp.c index 55fc3f3d..81f925bb 100644 --- a/scp.c +++ b/scp.c @@ -65,7 +65,7 @@ static char *gui_hwnd = NULL; static void source(char *src); static void rsource(char *src); -static void sink(char *targ); +static void sink(char *targ, char *src); /* GUI Adaptation - Sept 2000 */ static void tell_char(FILE *stream, char c); static void tell_str(FILE *stream, char *str); @@ -242,6 +242,19 @@ void connection_fatal(char *fmt, ...) } /* + * Be told what socket we're supposed to be using. + */ +static SOCKET scp_ssh_socket; +char *do_select(SOCKET skt, int startup) { + if (startup) + scp_ssh_socket = skt; + else + scp_ssh_socket = INVALID_SOCKET; + return NULL; +} +extern int select_result(WPARAM, LPARAM); + +/* * Receive a block of data from the SSH link. Block until all data * is available. * @@ -249,6 +262,7 @@ void connection_fatal(char *fmt, ...) * own trap in from_backend() to catch the data that comes back. We * do this until we have enough data. */ + static unsigned char *outptr; /* where to put the data */ static unsigned outlen; /* how much data required */ static unsigned char *pending = NULL; /* any spare data */ @@ -295,8 +309,6 @@ void from_backend(int is_stderr, char *data, int datalen) { } } static int ssh_scp_recv(unsigned char *buf, int len) { - SOCKET s; - outptr = buf; outlen = len; @@ -324,16 +336,12 @@ static int ssh_scp_recv(unsigned char *buf, int len) { while (outlen > 0) { fd_set readfds; - s = back->socket(); - if (s == INVALID_SOCKET) { - connection_open = FALSE; - return 0; - } + FD_ZERO(&readfds); - FD_SET(s, &readfds); + FD_SET(scp_ssh_socket, &readfds); if (select(1, &readfds, NULL, NULL, NULL) < 0) return 0; /* doom */ - back->msg(0, FD_READ); + select_result((WPARAM)scp_ssh_socket, (LPARAM)FD_READ); } return len; @@ -343,18 +351,15 @@ static int ssh_scp_recv(unsigned char *buf, int len) { * Loop through the ssh connection and authentication process. */ static void ssh_scp_init(void) { - SOCKET s; - - s = back->socket(); - if (s == INVALID_SOCKET) + if (scp_ssh_socket == INVALID_SOCKET) return; while (!back->sendok()) { fd_set readfds; FD_ZERO(&readfds); - FD_SET(s, &readfds); + FD_SET(scp_ssh_socket, &readfds); if (select(1, &readfds, NULL, NULL, NULL) < 0) return; /* doom */ - back->msg(0, FD_READ); + select_result((WPARAM)scp_ssh_socket, (LPARAM)FD_READ); } } @@ -464,7 +469,7 @@ static void do_cmd(char *host, char *user, char *cmd) back = &ssh_backend; - err = back->init(NULL, cfg.host, cfg.port, &realhost); + err = back->init(cfg.host, cfg.port, &realhost); if (err != NULL) bump("ssh_init: %s", err); ssh_scp_init(); @@ -754,7 +759,7 @@ static void rsource(char *src) /* * Execute the sink part of the SCP protocol. */ -static void sink(char *targ) +static void sink(char *targ, char *src) { char buf[2048]; char namebuf[2048]; @@ -822,6 +827,13 @@ static void sink(char *targ) if (sscanf(buf+1, "%u %lu %[^\n]", &mode, &size, namebuf) != 3) bump("Protocol error: Illegal file descriptor format"); + /* Security fix: ensure the file ends up where we asked for it. */ + if (src) { + char *p = src + strlen(src); + while (p > src && p[-1] != '/' && p[-1] != '\\') + p--; + strcpy(namebuf, p); + } if (targisdir) { char t[2048]; char *p; @@ -851,7 +863,7 @@ static void sink(char *targ) continue; } } - sink(namebuf); + sink(namebuf, NULL); /* can we set the timestamp for directories ? */ continue; } @@ -1064,7 +1076,7 @@ static void tolocal(int argc, char *argv[]) do_cmd(host, user, cmd); sfree(cmd); - sink(targ); + sink(targ, src); } /* @@ -1171,6 +1183,7 @@ int main(int argc, char *argv[]) flags = FLAG_STDERR; ssh_get_password = &get_password; init_winsock(); + sk_init(); for (i = 1; i < argc; i++) { if (argv[i][0] != '-')