actually get things done. I'm sure this is the second time I've
checked in this mistake :-/ Still, this time I've got right to the
bottom of the cause, and commented it clearly. Phew.
git-svn-id: svn://svn.tartarus.org/sgt/putty@1207
cda61777-01e9-0310-a592-
d414129be87e
* distinguish this case because `src' will be non-NULL
* and the last component of that will fail to match
* (the last component of) the name sent.
* distinguish this case because `src' will be non-NULL
* and the last component of that will fail to match
* (the last component of) the name sent.
+ *
+ * (Well, not always; if `src' is a wildcard, we do
+ * expect to get back filenames that don't correspond
+ * exactly to it. So we skip this check if `src'
+ * contains a *, a ? or a []. This is non-ideal - we
+ * would like to ensure that the returned filename
+ * actually matches the wildcard pattern - but one of
+ * SCP's protocol infelicities is that wildcard
+ * matching is done at the server end _by the server's
+ * rules_ and so in general this is infeasible. Live
+ * with it, or upgrade to SFTP.)
*/
char *striptarget, *stripsrc;
*/
char *striptarget, *stripsrc;
if (src) {
stripsrc = stripslashes(src);
if (src) {
stripsrc = stripslashes(src);
- if (strcmp(striptarget, stripsrc)) {
+ if (!stripsrc[strcspn(stripsrc, "*?[]")] &&
+ strcmp(striptarget, stripsrc)) {
tell_user(stderr, "warning: remote host attempted to"
" write to a different filename: disallowing");
tell_user(stderr, "warning: remote host attempted to"
" write to a different filename: disallowing");
+ /* Override the name the server provided with our own. */
+ striptarget = stripsrc;
- /* Override the name the server provided with our own. */
- striptarget = stripsrc;