• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /***************************************************************************
2  *                                  _   _ ____  _
3  *  Project                     ___| | | |  _ \| |
4  *                             / __| | | | |_) | |
5  *                            | (__| |_| |  _ <| |___
6  *                             \___|\___/|_| \_\_____|
7  *
8  * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
9  *
10  * This software is licensed as described in the file COPYING, which
11  * you should have received as part of this distribution. The terms
12  * are also available at https://curl.se/docs/copyright.html.
13  *
14  * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15  * copies of the Software, and permit persons to whom the Software is
16  * furnished to do so, under the terms of the COPYING file.
17  *
18  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19  * KIND, either express or implied.
20  *
21  ***************************************************************************/
22 
23 #include "curl_setup.h"
24 
25 #if defined(USE_SSH)
26 
27 #include <curl/curl.h>
28 #include "curl_memory.h"
29 #include "curl_path.h"
30 #include "escape.h"
31 #include "memdebug.h"
32 
33 /* figure out the path to work with in this particular request */
Curl_getworkingpath(struct Curl_easy * data,char * homedir,char ** path)34 CURLcode Curl_getworkingpath(struct Curl_easy *data,
35                              char *homedir,  /* when SFTP is used */
36                              char **path) /* returns the  allocated
37                                              real path to work with */
38 {
39   char *real_path = NULL;
40   char *working_path;
41   size_t working_path_len;
42   CURLcode result =
43     Curl_urldecode(data, data->state.up.path, 0, &working_path,
44                    &working_path_len, REJECT_ZERO);
45   if(result)
46     return result;
47 
48   /* Check for /~/, indicating relative to the user's home directory */
49   if(data->conn->handler->protocol & CURLPROTO_SCP) {
50     real_path = malloc(working_path_len + 1);
51     if(!real_path) {
52       free(working_path);
53       return CURLE_OUT_OF_MEMORY;
54     }
55     if((working_path_len > 3) && (!memcmp(working_path, "/~/", 3)))
56       /* It is referenced to the home directory, so strip the leading '/~/' */
57       memcpy(real_path, working_path + 3, working_path_len - 2);
58     else
59       memcpy(real_path, working_path, 1 + working_path_len);
60   }
61   else if(data->conn->handler->protocol & CURLPROTO_SFTP) {
62     if((working_path_len > 1) && (working_path[1] == '~')) {
63       size_t homelen = strlen(homedir);
64       real_path = malloc(homelen + working_path_len + 1);
65       if(!real_path) {
66         free(working_path);
67         return CURLE_OUT_OF_MEMORY;
68       }
69       /* It is referenced to the home directory, so strip the
70          leading '/' */
71       memcpy(real_path, homedir, homelen);
72       real_path[homelen] = '/';
73       real_path[homelen + 1] = '\0';
74       if(working_path_len > 3) {
75         memcpy(real_path + homelen + 1, working_path + 3,
76                1 + working_path_len -3);
77       }
78     }
79     else {
80       real_path = malloc(working_path_len + 1);
81       if(!real_path) {
82         free(working_path);
83         return CURLE_OUT_OF_MEMORY;
84       }
85       memcpy(real_path, working_path, 1 + working_path_len);
86     }
87   }
88 
89   free(working_path);
90 
91   /* store the pointer for the caller to receive */
92   *path = real_path;
93 
94   return CURLE_OK;
95 }
96 
97 /* The get_pathname() function is being borrowed from OpenSSH sftp.c
98    version 4.6p1. */
99 /*
100  * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
101  *
102  * Permission to use, copy, modify, and distribute this software for any
103  * purpose with or without fee is hereby granted, provided that the above
104  * copyright notice and this permission notice appear in all copies.
105  *
106  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
107  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
108  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
109  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
110  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
111  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
112  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
113  */
Curl_get_pathname(const char ** cpp,char ** path,char * homedir)114 CURLcode Curl_get_pathname(const char **cpp, char **path, char *homedir)
115 {
116   const char *cp = *cpp, *end;
117   char quot;
118   unsigned int i, j;
119   size_t fullPathLength, pathLength;
120   bool relativePath = false;
121   static const char WHITESPACE[] = " \t\r\n";
122 
123   if(!*cp) {
124     *cpp = NULL;
125     *path = NULL;
126     return CURLE_QUOTE_ERROR;
127   }
128   /* Ignore leading whitespace */
129   cp += strspn(cp, WHITESPACE);
130   /* Allocate enough space for home directory and filename + separator */
131   fullPathLength = strlen(cp) + strlen(homedir) + 2;
132   *path = malloc(fullPathLength);
133   if(!*path)
134     return CURLE_OUT_OF_MEMORY;
135 
136   /* Check for quoted filenames */
137   if(*cp == '\"' || *cp == '\'') {
138     quot = *cp++;
139 
140     /* Search for terminating quote, unescape some chars */
141     for(i = j = 0; i <= strlen(cp); i++) {
142       if(cp[i] == quot) {  /* Found quote */
143         i++;
144         (*path)[j] = '\0';
145         break;
146       }
147       if(cp[i] == '\0') {  /* End of string */
148         /*error("Unterminated quote");*/
149         goto fail;
150       }
151       if(cp[i] == '\\') {  /* Escaped characters */
152         i++;
153         if(cp[i] != '\'' && cp[i] != '\"' &&
154             cp[i] != '\\') {
155           /*error("Bad escaped character '\\%c'",
156               cp[i]);*/
157           goto fail;
158         }
159       }
160       (*path)[j++] = cp[i];
161     }
162 
163     if(j == 0) {
164       /*error("Empty quotes");*/
165       goto fail;
166     }
167     *cpp = cp + i + strspn(cp + i, WHITESPACE);
168   }
169   else {
170     /* Read to end of filename - either to whitespace or terminator */
171     end = strpbrk(cp, WHITESPACE);
172     if(!end)
173       end = strchr(cp, '\0');
174     /* return pointer to second parameter if it exists */
175     *cpp = end + strspn(end, WHITESPACE);
176     pathLength = 0;
177     relativePath = (cp[0] == '/' && cp[1] == '~' && cp[2] == '/');
178     /* Handling for relative path - prepend home directory */
179     if(relativePath) {
180       strcpy(*path, homedir);
181       pathLength = strlen(homedir);
182       (*path)[pathLength++] = '/';
183       (*path)[pathLength] = '\0';
184       cp += 3;
185     }
186     /* Copy path name up until first "whitespace" */
187     memcpy(&(*path)[pathLength], cp, (int)(end - cp));
188     pathLength += (int)(end - cp);
189     (*path)[pathLength] = '\0';
190   }
191   return CURLE_OK;
192 
193   fail:
194   Curl_safefree(*path);
195   return CURLE_QUOTE_ERROR;
196 }
197 
198 #endif /* if SSH is used */
199