X-Git-Url: https://git.distorted.org.uk/u/mdw/putty/blobdiff_plain/a9422f39e34f55d1925d1ebef35ace1a0f1c2f6a..8df7a775f6f8b0f81f84eafe28cd0bb8d4c6d1f4:/scp.c diff --git a/scp.c b/scp.c index 36863cfa..81f925bb 100644 --- a/scp.c +++ b/scp.c @@ -26,6 +26,7 @@ #define PUTTY_DO_GLOBALS #include "putty.h" +#include "winstuff.h" #include "storage.h" #define TIME_POSIX_TO_WIN(t, ft) (*(LONGLONG*)&(ft) = \ @@ -64,7 +65,7 @@ static char *gui_hwnd = NULL; static void source(char *src); static void rsource(char *src); -static void sink(char *targ); +static void sink(char *targ, char *src); /* GUI Adaptation - Sept 2000 */ static void tell_char(FILE *stream, char c); static void tell_str(FILE *stream, char *str); @@ -241,24 +242,43 @@ void connection_fatal(char *fmt, ...) } /* + * Be told what socket we're supposed to be using. + */ +static SOCKET scp_ssh_socket; +char *do_select(SOCKET skt, int startup) { + if (startup) + scp_ssh_socket = skt; + else + scp_ssh_socket = INVALID_SOCKET; + return NULL; +} +extern int select_result(WPARAM, LPARAM); + +/* * Receive a block of data from the SSH link. Block until all data * is available. * * To do this, we repeatedly call the SSH protocol module, with our - * own trap in term_out() to catch the data that comes back. We do - * this until we have enough data. + * own trap in from_backend() to catch the data that comes back. We + * do this until we have enough data. */ + static unsigned char *outptr; /* where to put the data */ static unsigned outlen; /* how much data required */ static unsigned char *pending = NULL; /* any spare data */ static unsigned pendlen=0, pendsize=0; /* length and phys. size of buffer */ -void term_out(void) { +void from_backend(int is_stderr, char *data, int datalen) { + unsigned char *p = (unsigned char *)data; + unsigned len = (unsigned)datalen; + /* - * Here we must deal with a block of data, in `inbuf', size - * `inbuf_head'. + * stderr data is just spouted to local stderr and otherwise + * ignored. */ - unsigned char *p = inbuf; - unsigned len = inbuf_head; + if (is_stderr) { + fwrite(data, 1, len, stderr); + return; + } inbuf_head = 0; @@ -289,8 +309,6 @@ void term_out(void) { } } static int ssh_scp_recv(unsigned char *buf, int len) { - SOCKET s; - outptr = buf; outlen = len; @@ -318,17 +336,12 @@ static int ssh_scp_recv(unsigned char *buf, int len) { while (outlen > 0) { fd_set readfds; - s = back->socket(); - if (s == INVALID_SOCKET) { - connection_open = FALSE; - return 0; - } + FD_ZERO(&readfds); - FD_SET(s, &readfds); + FD_SET(scp_ssh_socket, &readfds); if (select(1, &readfds, NULL, NULL, NULL) < 0) return 0; /* doom */ - back->msg(0, FD_READ); - term_out(); + select_result((WPARAM)scp_ssh_socket, (LPARAM)FD_READ); } return len; @@ -338,19 +351,15 @@ static int ssh_scp_recv(unsigned char *buf, int len) { * Loop through the ssh connection and authentication process. */ static void ssh_scp_init(void) { - SOCKET s; - - s = back->socket(); - if (s == INVALID_SOCKET) + if (scp_ssh_socket == INVALID_SOCKET) return; while (!back->sendok()) { fd_set readfds; FD_ZERO(&readfds); - FD_SET(s, &readfds); + FD_SET(scp_ssh_socket, &readfds); if (select(1, &readfds, NULL, NULL, NULL) < 0) return; /* doom */ - back->msg(0, FD_READ); - term_out(); + select_result((WPARAM)scp_ssh_socket, (LPARAM)FD_READ); } } @@ -460,7 +469,7 @@ static void do_cmd(char *host, char *user, char *cmd) back = &ssh_backend; - err = back->init(NULL, cfg.host, cfg.port, &realhost); + err = back->init(cfg.host, cfg.port, &realhost); if (err != NULL) bump("ssh_init: %s", err); ssh_scp_init(); @@ -578,7 +587,7 @@ static void run_err(const char *fmt, ...) va_list ap; va_start(ap, fmt); errs++; - strcpy(str, "\01scp: "); + strcpy(str, "scp: "); vsprintf(str+strlen(str), fmt, ap); strcat(str, "\n"); back->send(str, strlen(str)); @@ -750,7 +759,7 @@ static void rsource(char *src) /* * Execute the sink part of the SCP protocol. */ -static void sink(char *targ) +static void sink(char *targ, char *src) { char buf[2048]; char namebuf[2048]; @@ -818,12 +827,23 @@ static void sink(char *targ) if (sscanf(buf+1, "%u %lu %[^\n]", &mode, &size, namebuf) != 3) bump("Protocol error: Illegal file descriptor format"); + /* Security fix: ensure the file ends up where we asked for it. */ + if (src) { + char *p = src + strlen(src); + while (p > src && p[-1] != '/' && p[-1] != '\\') + p--; + strcpy(namebuf, p); + } if (targisdir) { char t[2048]; + char *p; strcpy(t, targ); if (targ[0] != '\0') strcat(t, "/"); - strcat(t, namebuf); + p = namebuf + strlen(namebuf); + while (p > namebuf && p[-1] != '/' && p[-1] != '\\') + p--; + strcat(t, p); strcpy(namebuf, t); } else { strcpy(namebuf, targ); @@ -843,7 +863,7 @@ static void sink(char *targ) continue; } } - sink(namebuf); + sink(namebuf, NULL); /* can we set the timestamp for directories ? */ continue; } @@ -1056,7 +1076,7 @@ static void tolocal(int argc, char *argv[]) do_cmd(host, user, cmd); sfree(cmd); - sink(targ); + sink(targ, src); } /* @@ -1163,6 +1183,7 @@ int main(int argc, char *argv[]) flags = FLAG_STDERR; ssh_get_password = &get_password; init_winsock(); + sk_init(); for (i = 1; i < argc; i++) { if (argv[i][0] != '-')