Commit Graph

216 Commits

Author SHA1 Message Date
djm@openbsd.org
77e05394af upstream commit
Disable RemoteCommand and RequestTTY in the ssh session
started by scp. sftp is already doing this. From Camden Narzt via github; ok
dtucker

OpenBSD-Commit-ID: 59e2611141c0b2ee579c6866e8eb9d7d8217bc6b
2018-02-10 17:16:04 +11:00
millert@openbsd.org
c9e37a8725 upstream commit
Add helper function for uri handing in scp where a
missing path simply means ".".  Also fix exit code and add warnings when an
invalid uri is encountered.  OK otto@

OpenBSD-Commit-ID: 47dcf872380586dabf7fcc6e7baf5f8ad508ae1a
2017-12-19 15:21:37 +11:00
millert@openbsd.org
887669ef03 upstream commit
Add URI support to ssh, sftp and scp.  For example
ssh://user@host or sftp://user@host/path.  The connection parameters
described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since
the ssh fingerprint format in the draft uses md5 with no way to specify the
hash function type.  OK djm@

Upstream-ID: 4ba3768b662d6722de59e6ecb00abf2d4bf9cacc
2017-10-23 16:10:08 +11:00
deraadt@openbsd.org
9e509d4ec9 upstream commit
Switch to recallocarray() for a few operations.  Both
growth and shrinkage are handled safely, and there also is no need for
preallocation dances. Future changes in this area will be less error prone.
Review and one bug found by markus

Upstream-ID: 822d664d6a5a1d10eccb23acdd53578a679d5065
2017-06-01 14:55:22 +10:00
jmc@openbsd.org
4f1ca823ba upstream commit
remove options -12 from usage();

Upstream-ID: db7ceef25132e63b50ed05289bf447fece1d1270
2017-05-08 09:18:04 +10:00
Darren Tucker
329037e389 Wrap stdint.h in HAVE_STDINT_H 2017-05-01 13:53:55 +10:00
djm@openbsd.org
a3710d5d52 upstream commit
exterminate the -1 flag from scp

ok markus@

Upstream-ID: 26d247f7065da15056b209cef5f594ff591b89db
2017-05-01 10:05:05 +10:00
millert@openbsd.org
066437187e upstream commit
Avoid relying on implementation-specific behavior when
detecting whether the timestamp or file size overflowed.  If time_t and off_t
are not either 32-bit or 64-bit scp will exit with an error. OK djm@

Upstream-ID: f31caae73ddab6df496b7bbbf7da431e267ad135
2017-04-28 13:26:37 +10:00
millert@openbsd.org
91bd218186 upstream commit
Avoid potential signed int overflow when parsing the file
size. Use strtoul() instead of parsing manually.  OK djm@

Upstream-ID: 1f82640861c7d905bbb05e7d935d46b0419ced02
2017-04-28 13:26:36 +10:00
Damien Miller
dda78a03af Force Turkish locales back to C/POSIX; bz#2643
Turkish locales are unique in their handling of the letters 'i' and
'I' (yes, they are different letters) and OpenSSH isn't remotely
prepared to deal with that. For now, the best we can do is to force
OpenSSH to use the C/POSIX locale and try to preserve the UTF-8
encoding if possible.

ok dtucker@
2016-12-12 13:58:59 +11:00
deraadt@openbsd.org
9136ec134c upstream commit
Add MAXIMUM(), MINIMUM(), and ROUNDUP() to misc.h, then
use those definitions rather than pulling <sys/param.h> and unknown namespace
pollution. ok djm markus dtucker

Upstream-ID: 712cafa816c9f012a61628b66b9fbd5687223fb8
2016-09-12 13:46:29 +10:00
schwarze@openbsd.org
0e059cdf5f upstream commit
To prevent screwing up terminal settings when printing to
 the terminal, for ASCII and UTF-8, escape bytes not forming characters and
 bytes forming non-printable characters with vis(3) VIS_OCTAL. For other
 character sets, abort printing of the current string in these cases.  In
 particular, * let scp(1) respect the local user's LC_CTYPE locale(1); *
 sanitize data received from the remote host; * sanitize filenames, usernames,
 and similar data even locally; * take character display widths into account
 for the progressmeter.

This is believed to be sufficient to keep the local terminal safe
on OpenBSD, but bad things can still happen on other systems with
state-dependent locales because many places in the code print
unencoded ASCII characters into the output stream.

Using feedback from djm@ and martijn@,
various aspects discussed with many others.

deraadt@ says it should go in now, i probably already hesitated too long

Upstream-ID: e66afbc94ee396ddcaffd433b9a3b80f387647e0
2016-06-06 11:27:38 +10:00
dtucker@openbsd.org
8ef04d7a94 upstream commit
Improve accuracy of reported transfer speeds by waiting
 for the ack from the other end.  Pointed out by mmcc@, ok deraadt@ markus@

Upstream-ID: 99f1cf15c9a8f161086b814d414d862795ae153d
2016-03-04 15:12:20 +11:00
deraadt@openbsd.org
9080bd0b9c upstream commit
pledge "stdio rpath wpath cpath fattr tty proc exec"
 except for the -p option (which sadly has insane semantics...) ok semarie
 dtucker

Upstream-ID: 8854bbd58279abe00f6c33f8094bdc02c8c65059
2015-11-28 17:44:33 +11:00
mmcc@openbsd.org
e92c499a75 upstream commit
0 -> NULL when comparing with a char*.

ok dtucker@, djm@.

Upstream-ID: a928e9c21c0a9020727d99738ff64027c1272300
2015-10-17 05:45:10 +11:00
deraadt@openbsd.org
657a5fbc0d upstream commit
rename xrealloc() to xreallocarray() since it follows
 that form. ok djm
2015-04-29 18:15:23 +10:00
deraadt@openbsd.org
2ae4f337b2 upstream commit
Replace <sys/param.h> with <limits.h> and other less
 dirty headers where possible.  Annotate <sys/param.h> lines with their
 current reasons.  Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1,
 LOGIN_NAME_MAX, etc.  Change MIN() and MAX() to local definitions of
 MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution.
 These are the files confirmed through binary verification. ok guenther,
 millert, doug (helped with the verification protocol)
2015-01-16 18:24:48 +11:00
Damien Miller
1845fe6bda - djm@cvs.openbsd.org 2014/06/24 02:21:01
[scp.c]
     when copying local->remote fails during read, don't send uninitialised
     heap to the remote end. Reported by Jann Horn
2014-07-02 15:29:01 +10:00
Damien Miller
e00167307e - deraadt@cvs.openbsd.org 2013/11/20 20:53:10
[scp.c]
     unsigned casts for ctype macros where neccessary
     ok guenther millert markus
2013-11-21 13:56:49 +11:00
Damien Miller
bc35d92e78 - djm@cvs.openbsd.org 2013/06/22 06:31:57
[scp.c]
     improved time_t overflow check suggested by guenther@
2013-07-18 16:11:25 +10:00
Damien Miller
8158441d01 - djm@cvs.openbsd.org 2013/06/21 05:43:10
[scp.c]
     make this -Wsign-compare clean after time_t conversion
2013-07-18 16:11:07 +10:00
Damien Miller
044bd2a7dd - guenther@cvs.openbsd.org 2013/06/17 04:48:42
[scp.c]
     Handle time_t values as long long's when formatting them and when
     parsing them from remote servers.
     Improve error checking in parsing of 'T' lines.

     ok dtucker@ deraadt@
2013-07-18 16:09:25 +10:00
Darren Tucker
194454d7a8 - dtucker@cvs.openbsd.org 2013/06/04 19:12:23
[scp.c]
     use MAXPATHLEN for buffer size instead of fixed value.  ok markus
2013-06-06 08:16:04 +10:00
Darren Tucker
3750fce6ac - dtucker@cvs.openbsd.org 2013/06/01 20:59:25
[scp.c sftp-client.c]
     Replace S_IWRITE, which isn't standardized, with S_IWUSR, which is.  Patch
     from Nathan Osman via bz#2113.  ok deraadt.

(note: corrected bug number from 2085)
2013-06-02 07:52:21 +10:00
Darren Tucker
a627d42e51 - djm@cvs.openbsd.org 2013/05/17 00:13:13
[xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c
     ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c
     gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c
     auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c
     servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c
     auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c
     sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c
     kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c
     kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c
     monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c
     ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c
     sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c
     ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c
     dns.c packet.c readpass.c authfd.c moduli.c]
     bye, bye xfree(); ok markus@
2013-06-02 07:31:17 +10:00
Darren Tucker
dbee308253 - dtucker@cvs.openbsd.org 2013/05/16 09:08:41
[log.c scp.c sshd.c serverloop.c schnorr.c sftp.c]
     Fix some "unused result" warnings found via clang and -portable.
     ok markus@
2013-05-16 20:32:29 +10:00
Damien Miller
63b4bcd04e - (djm) [configure.ac log.c scp.c sshconnect2.c openbsd-compat/vis.c]
[openbsd-compat/vis.h] FreeBSD's strnvis isn't compatible with OpenBSD's
   so mark it as broken. Patch from des AT des.no
2013-03-20 12:55:14 +11:00
Damien Miller
0603d98b4e - djm@cvs.openbsd.org 2011/09/09 22:37:01
[scp.c]
     suppress adding '--' to remote commandlines when the first argument
     does not start with '-'. saves breakage on some difficult-to-upgrade
     embedded/router platforms; feedback & ok dtucker ok markus
2011-09-22 21:38:00 +10:00
Damien Miller
907998df72 - jmc@cvs.openbsd.org 2010/12/09 14:13:33
[scp.1 scp.c]
     scp.1: grammer fix
     scp.c: add -3 to usage()
2011-01-06 22:41:21 +11:00
Damien Miller
f12114366b - markus@cvs.openbsd.org 2010/12/08 22:46:03
[scp.1 scp.c]
     add a new -3 option to scp: Copies between two remote hosts are
     transferred through the local host.  Without this option the data
     is copied directly between the two remote hosts. ok djm@ (bugzilla #1837)
2011-01-06 22:40:30 +11:00
Damien Miller
87dc0a4188 - djm@cvs.openbsd.org 2010/11/26 05:52:49
[scp.c]
     Pass through ssh command-line flags and options when doing remote-remote
     transfers, e.g. to enable agent forwarding which is particularly useful
     in this case; bz#1837 ok dtucker@
2010-12-01 12:03:19 +11:00
Damien Miller
65e42f87fe - djm@cvs.openbsd.org 2010/09/22 22:58:51
[atomicio.c atomicio.h misc.c misc.h scp.c sftp-client.c]
     [sftp-client.h sftp.1 sftp.c]
     add an option per-read/write callback to atomicio

     factor out bandwidth limiting code from scp(1) into a generic bandwidth
     limiter that can be attached using the atomicio callback mechanism

     add a bandwidth limit option to sftp(1) using the above
     "very nice" markus@
2010-09-24 22:15:11 +10:00
Damien Miller
0979b40934 - millert@cvs.openbsd.org 2010/07/01 13:06:59
[scp.c]
     Fix a longstanding problem where if you suspend scp at the
     password/passphrase prompt the terminal mode is not restored.
     OK djm@
2010-07-02 13:37:33 +10:00
Darren Tucker
b8c884a0ba - guenther@cvs.openbsd.org 2009/12/20 07:28:36
[ssh.c sftp.c scp.c]
     When passing user-controlled options with arguments to other programs,
     pass the option and option argument as separate argv entries and
     not smashed into one (e.g., as -l foo and not -lfoo).  Also, always
     pass a "--" argument to stop option parsing, so that a positional
     argument that starts with a '-' isn't treated as an option.  This
     fixes some error cases as well as the handling of hostnames and
     filenames that start with a '-'.
     Based on a diff by halex@
     ok halex@ djm@ deraadt@
2010-01-08 18:53:43 +11:00
Damien Miller
b4acb47f5f - stevesk@cvs.openbsd.org 2008/10/10 04:55:16
[scp.c]
     spelling in comment; ok djm@
2008-11-03 19:23:45 +11:00
Damien Miller
d8968adb5f - (djm) [atomicio.c channels.c clientloop.c defines.h includes.h]
[packet.c scp.c serverloop.c sftp-client.c ssh-agent.c ssh-keyscan.c]
   [sshd.c] Explicitly handle EWOULDBLOCK wherever we handle EAGAIN, on
   some platforms (HP nonstop) it is a distinct errno;
   bz#1467 reported by sconeu AT yahoo.com; ok dtucker@
2008-07-04 23:10:49 +10:00
Darren Tucker
03ccc9b142 - dtucker@cvs.openbsd.org 2008/06/13 18:55:22
[scp.c]
     Prevent -Wsign-compare warnings on LP64 systems.  bz #1192, ok deraadt@
2008-06-14 09:02:25 +10:00
Tim Rice
3eb144911c - (tim) [scp.c] Use poll.h if available, fall back to sys/poll.h if not. Patch
by vinschen at redhat.com.
2008-03-13 17:59:50 -07:00
Darren Tucker
ccb13eedd7 - (dtucker) [scp.c] Include sys/poll.h inside HAVE_SYS_POLL_H. 2008-02-29 15:07:01 +11:00
Darren Tucker
9b439c1adc - dtucker@cvs.openbsd.org 2008/01/01 09:06:39
[scp.c]
     If scp -p encounters a pre-epoch timestamp, use the epoch which is
     as close as we can get given that it's used unsigned.  Add a little
     debugging while there.  bz #828, ok djm@
2008-01-01 20:33:57 +11:00
Darren Tucker
e566230cb0 - (dtucker) [scp.c] Update $OpenBSD tag missing from rev 1.175 and remove
leftover debug code.
2007-12-02 22:48:40 +11:00
Damien Miller
c77cadbff0 - djm@cvs.openbsd.org 2007/10/24 03:44:02
[scp.c]
     factor out network read/write into an atomicio()-like function, and
     use it to handle short reads, apply bandwidth limits and update
     counters. make network IO non-blocking, so a small trickle of
     reads/writes has a chance of updating the progress meter; bz #799
     ok dtucker@
2007-10-26 15:39:15 +10:00
Damien Miller
647d97b1ab - sobrado@cvs.openbsd.org 2007/08/06 19:16:06
[scp.1 scp.c]
     the ellipsis is not an optional argument; while here, sync the usage
     and synopsis of commands
     lots of good ideas by jmc@
     ok jmc@
2007-08-08 14:29:58 +10:00
Darren Tucker
067263e848 - djm@cvs.openbsd.org 2007/06/13 00:21:27
[scp.c]
     don't ftruncate() non-regular files; bz#1236 reported by wood AT
     xmission.com; ok dtucker@
2007-06-25 18:32:33 +10:00
Darren Tucker
bed63112f5 - dtucker@cvs.openbsd.org 2007/06/12 13:54:28
[scp.c]
     Encode filename with strnvis if the name contains a newline (which can't
     be represented in the scp protocol), from bz #891.  ok markus@
2007-06-13 00:02:07 +10:00
Darren Tucker
43ce902449 - djm@cvs.openbsd.org 2007/06/12 08:24:20
[scp.c]
     make scp try to skip FIFOs rather than blocking when nothing is listening.
     depends on the platform supporting sane O_NONBLOCK semantics for open
     on FIFOs (apparently POSIX does not mandate this), which OpenBSD does.
     bz #856; report by cjwatson AT debian.org; ok markus@
2007-06-12 23:41:06 +10:00
Darren Tucker
6ec2fbec8b - djm@cvs.openbsd.org 2007/01/22 13:06:21
[scp.c]
     fix detection of whether we should show progress meter or not: scp
     tested isatty(stderr) but wrote the progress meter to stdout. This patch
     makes it test stdout. bz#1265 reported by junkmail AT bitsculpture.com;
     of dtucker@
2007-02-19 22:14:11 +11:00
Damien Miller
d783435315 - deraadt@cvs.openbsd.org 2006/08/03 03:34:42
[OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c]
     [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
     [auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c]
     [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ]
     [auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c]
     [buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c]
     [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
     [compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c]
     [groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
     [kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c]
     [key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c]
     [monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c]
     [monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c]
     [readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h]
     [serverloop.c session.c session.h sftp-client.c sftp-common.c]
     [sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
     [ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c]
     [ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c]
     [sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c]
     [uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h]
     [loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h]
     almost entirely get rid of the culture of ".h files that include .h files"
     ok djm, sort of ok stevesk
     makes the pain stop in one easy step
     NB. portable commit contains everything *except* removing includes.h, as
     that will take a fair bit more work as we move headers that are required
     for portability workarounds to defines.h. (also, this step wasn't "easy")
2006-08-05 12:39:39 +10:00
Damien Miller
a7a73ee35d - stevesk@cvs.openbsd.org 2006/08/01 23:22:48
[auth-passwd.c auth-rhosts.c auth-rsa.c auth.c auth.h auth1.c]
     [auth2-chall.c auth2-pubkey.c authfile.c buffer.c canohost.c]
     [channels.c clientloop.c dh.c dns.c dns.h hostfile.c kex.c kexdhc.c]
     [kexgexc.c kexgexs.c key.c key.h log.c misc.c misc.h moduli.c]
     [monitor_wrap.c packet.c progressmeter.c readconf.c readpass.c scp.c]
     [servconf.c session.c sftp-client.c sftp-common.c sftp-server.c sftp.c]
     [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh.c sshconnect.c]
     [sshconnect1.c sshconnect2.c sshd.c sshlogin.c sshtty.c uuencode.c]
     [uuencode.h xmalloc.c]
     move #include <stdio.h> out of includes.h
2006-08-05 11:37:59 +10:00
Damien Miller
e7a1e5cf63 - stevesk@cvs.openbsd.org 2006/07/26 13:57:17
[authfd.c authfile.c dh.c canohost.c channels.c clientloop.c compat.c]
     [hostfile.c kex.c log.c misc.c moduli.c monitor.c packet.c readpass.c]
     [scp.c servconf.c session.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
     [ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh.c sshconnect.c]
     [sshconnect1.c sshd.c xmalloc.c]
     move #include <stdlib.h> out of includes.h
2006-08-05 11:34:19 +10:00