- guenther@cvs.openbsd.org 2009/12/20 07:28:36
[ssh.c sftp.c scp.c]
When passing user-controlled options with arguments to other programs,
pass the option and option argument as separate argv entries and
not smashed into one (e.g., as -l foo and not -lfoo). Also, always
pass a "--" argument to stop option parsing, so that a positional
argument that starts with a '-' isn't treated as an option. This
fixes some error cases as well as the handling of hostnames and
filenames that start with a '-'.
Based on a diff by halex@
ok halex@ djm@ deraadt@
diff --git a/sftp.c b/sftp.c
index 1aa3742..d8728cc 100644
--- a/sftp.c
+++ b/sftp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp.c,v 1.114 2009/12/06 23:53:54 dtucker Exp $ */
+/* $OpenBSD: sftp.c,v 1.115 2009/12/20 07:28:36 guenther Exp $ */
/*
* Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
*
@@ -1809,7 +1809,8 @@
fprintf(stderr, "Missing username\n");
usage();
}
- addargs(&args, "-l%s", userhost);
+ addargs(&args, "-l");
+ addargs(&args, "%s", userhost);
}
if ((cp = colon(host)) != NULL) {
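Review bot: The guard that precedes the "Missing username" message on L23 sits above the hunk, so it is not visible here whether it rejects an empty userhost as well as a missing one; with the old `-l%s` form an empty name produced a bare `-l` and getopt would have consumed the following argv entry, whereas the new two-entry form on L27-L28 hands ssh an explicit empty login name. If the condition is `!userhost[0]` this is already covered, otherwise that check is worth adding before the addargs calls. A short comment on the new lines would also record the intent, e.g. `/* pass the login name as its own argv entry so getopt sees it as the -l argument */`. The enclosing block starts outside the hunk.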
@@ -1829,6 +1830,7 @@
if (sftp_server == NULL || strchr(sftp_server, '/') == NULL)
addargs(&args, "-s");
+ addargs(&args, "--");
addargs(&args, "%s", host);
addargs(&args, "%s", (sftp_server != NULL ?
sftp_server : "sftp"));
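Review bot: The reason for the `--` entry added on L34 lives only in the commit message, and nothing in the code stops a later edit from moving or dropping it, so it deserves a comment on the line itself, e.g. `/* stop option parsing: host and sftp_server are positional and may begin with '-' */`. The placement is right, since it follows the last option (`-s` on L33) and precedes the positional host and subsystem entries on L35-L37. Any other place in this file that assembles an ssh argv (not visible in this hunk) would need the same terminator for the fix to be complete. The enclosing function continues outside the hunk.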