[PATCH]: sftp: Avoid paths beginning with "//"

Corinna Vinschen vinschen at redhat.com
Tue Jul 31 20:15:23 EST 2001 

Hi,

I would like to ask if somebody had a look into this patch and
if anybody has a comment.

I would like to push this a bit since it's really important
for sftp clients on _any_ platform which have to communicate with
sftp-server on a Windows platform.

Corinna

On Wed, Jul 25, 2001 at 11:09:31AM +0200, Corinna Vinschen wrote:
> Hi,
> 
> the following patch has been suggested by Mark Bradshaw
> <bradshaw at staff.crosswalk.com>.
> 
> The simple concatenation of filenames in sftp client and server
> results in creating filenames beginning with double slashes
> when the cwd is the root directory:
> 
> 	cwd:  "/bar/baz"
> 	file: "foo"
> 	cwd + "/" + file = "/bar/baz/foo"
> 
> 	cwd:  "/"
> 	file: "foo"
> 	cwd + "/" + file = "//foo"
> 
> While that's no problem on U*X based OSes, it's a problem at least
> on Windows platforms due to the fact that the "//" syntax is reserved
> for network paths in the style "//server/share".
> 
> So, if the above concatenation occurs a Windows box desperately
> tries to contact a remote box called "foo" instead of trying to
> access file "/foo".
> 
> The below patch is least intrusive, IMO. It simply checks if the
> directory is "/" before concatenation and avoids to add another
> "/" then.
> 
> The problem is cross platform since the client is concerned as well.
> The reason is that the path concatenation occurs partly on the
> client side.  So, if somebody starts an sftp client on a Sun box
> to connect to an sftp-server on a Windows box, the same problem
> occurs. That's the reason the patch is not `#ifdef'd' in any
> way.
> 
> Thanks,
> Corinna
> 
> 
> Index: sftp-int.c
> ===================================================================
> RCS file: /cvs/openssh_cvs/sftp-int.c,v
> retrieving revision 1.27
> diff -u -p -r1.27 sftp-int.c
> --- sftp-int.c	2001/07/14 02:19:37	1.27
> +++ sftp-int.c	2001/07/25 08:44:29
> @@ -204,7 +204,8 @@ path_append(char *p1, char *p2)
>  
>  	ret = xmalloc(len);
>  	strlcpy(ret, p1, len);
> -	strlcat(ret, "/", len);
> +	if (strcmp(p1, "/") != 0) 
> +		strlcat(ret, "/", len);
>  	strlcat(ret, p2, len);
>  
>  	return(ret);
> Index: sftp-server.c
> ===================================================================
> RCS file: /cvs/openssh_cvs/sftp-server.c,v
> retrieving revision 1.34
> diff -u -p -r1.34 sftp-server.c
> --- sftp-server.c	2001/07/04 03:32:33	1.34
> +++ sftp-server.c	2001/07/25 08:44:31
> @@ -756,8 +756,8 @@ process_readdir(void)
>  				stats = xrealloc(stats, nstats * sizeof(Stat));
>  			}
>  /* XXX OVERFLOW ? */
> -			snprintf(pathname, sizeof pathname,
> -			    "%s/%s", path, dp->d_name);
> +			snprintf(pathname, sizeof pathname, "%s%s%s", path,
> +			    strcmp(path, "/") ? "/" : "", dp->d_name);
>  			if (lstat(pathname, &st) < 0)
>  				continue;
>  			stat_to_attrib(&st, &(stats[count].attrib));

-- 
Corinna Vinschen
Cygwin Developer
Red Hat, Inc.
mailto:vinschen at redhat.com

More information about the openssh-unix-dev mailing list