• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /***************************************************************************
2  *                                  _   _ ____  _
3  *  Project                     ___| | | |  _ \| |
4  *                             / __| | | | |_) | |
5  *                            | (__| |_| |  _ <| |___
6  *                             \___|\___/|_| \_\_____|
7  *
8  * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
9  *
10  * This software is licensed as described in the file COPYING, which
11  * you should have received as part of this distribution. The terms
12  * are also available at https://curl.se/docs/copyright.html.
13  *
14  * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15  * copies of the Software, and permit persons to whom the Software is
16  * furnished to do so, under the terms of the COPYING file.
17  *
18  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19  * KIND, either express or implied.
20  *
21  ***************************************************************************/
22 
23 #include "curl_setup.h"
24 
25 #if defined(USE_SSH)
26 
27 #include <curl/curl.h>
28 #include "curl_memory.h"
29 #include "curl_path.h"
30 #include "escape.h"
31 #include "memdebug.h"
32 
33 #define MAX_SSHPATH_LEN 100000 /* arbitrary */
34 
35 /* figure out the path to work with in this particular request */
Curl_getworkingpath(struct Curl_easy * data,char * homedir,char ** path)36 CURLcode Curl_getworkingpath(struct Curl_easy *data,
37                              char *homedir,  /* when SFTP is used */
38                              char **path) /* returns the  allocated
39                                              real path to work with */
40 {
41   char *working_path;
42   size_t working_path_len;
43   struct dynbuf npath;
44   CURLcode result =
45     Curl_urldecode(data, data->state.up.path, 0, &working_path,
46                    &working_path_len, REJECT_ZERO);
47   if(result)
48     return result;
49 
50   /* new path to switch to in case we need to */
51   Curl_dyn_init(&npath, MAX_SSHPATH_LEN);
52 
53   /* Check for /~/, indicating relative to the user's home directory */
54   if((data->conn->handler->protocol & CURLPROTO_SCP) &&
55      (working_path_len > 3) && (!memcmp(working_path, "/~/", 3))) {
56     /* It is referenced to the home directory, so strip the leading '/~/' */
57     if(Curl_dyn_addn(&npath, &working_path[3], working_path_len - 3)) {
58       free(working_path);
59       return CURLE_OUT_OF_MEMORY;
60     }
61   }
62   else if((data->conn->handler->protocol & CURLPROTO_SFTP) &&
63           (working_path_len > 2) && !memcmp(working_path, "/~/", 3)) {
64     size_t len;
65     const char *p;
66     int copyfrom = 3;
67     if(Curl_dyn_add(&npath, homedir)) {
68       free(working_path);
69       return CURLE_OUT_OF_MEMORY;
70     }
71     /* Copy a separating '/' if homedir does not end with one */
72     len = Curl_dyn_len(&npath);
73     p = Curl_dyn_ptr(&npath);
74     if(len && (p[len-1] != '/'))
75       copyfrom = 2;
76 
77     if(Curl_dyn_addn(&npath,
78                      &working_path[copyfrom], working_path_len - copyfrom)) {
79       free(working_path);
80       return CURLE_OUT_OF_MEMORY;
81     }
82   }
83 
84   if(Curl_dyn_len(&npath)) {
85     free(working_path);
86 
87     /* store the pointer for the caller to receive */
88     *path = Curl_dyn_ptr(&npath);
89   }
90   else
91     *path = working_path;
92 
93   return CURLE_OK;
94 }
95 
96 /* The get_pathname() function is being borrowed from OpenSSH sftp.c
97    version 4.6p1. */
98 /*
99  * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
100  *
101  * Permission to use, copy, modify, and distribute this software for any
102  * purpose with or without fee is hereby granted, provided that the above
103  * copyright notice and this permission notice appear in all copies.
104  *
105  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
106  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
107  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
108  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
109  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
110  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
111  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
112  */
Curl_get_pathname(const char ** cpp,char ** path,char * homedir)113 CURLcode Curl_get_pathname(const char **cpp, char **path, char *homedir)
114 {
115   const char *cp = *cpp, *end;
116   char quot;
117   unsigned int i, j;
118   size_t fullPathLength, pathLength;
119   bool relativePath = false;
120   static const char WHITESPACE[] = " \t\r\n";
121 
122   if(!*cp) {
123     *cpp = NULL;
124     *path = NULL;
125     return CURLE_QUOTE_ERROR;
126   }
127   /* Ignore leading whitespace */
128   cp += strspn(cp, WHITESPACE);
129   /* Allocate enough space for home directory and filename + separator */
130   fullPathLength = strlen(cp) + strlen(homedir) + 2;
131   *path = malloc(fullPathLength);
132   if(!*path)
133     return CURLE_OUT_OF_MEMORY;
134 
135   /* Check for quoted filenames */
136   if(*cp == '\"' || *cp == '\'') {
137     quot = *cp++;
138 
139     /* Search for terminating quote, unescape some chars */
140     for(i = j = 0; i <= strlen(cp); i++) {
141       if(cp[i] == quot) {  /* Found quote */
142         i++;
143         (*path)[j] = '\0';
144         break;
145       }
146       if(cp[i] == '\0') {  /* End of string */
147         /*error("Unterminated quote");*/
148         goto fail;
149       }
150       if(cp[i] == '\\') {  /* Escaped characters */
151         i++;
152         if(cp[i] != '\'' && cp[i] != '\"' &&
153             cp[i] != '\\') {
154           /*error("Bad escaped character '\\%c'",
155               cp[i]);*/
156           goto fail;
157         }
158       }
159       (*path)[j++] = cp[i];
160     }
161 
162     if(j == 0) {
163       /*error("Empty quotes");*/
164       goto fail;
165     }
166     *cpp = cp + i + strspn(cp + i, WHITESPACE);
167   }
168   else {
169     /* Read to end of filename - either to whitespace or terminator */
170     end = strpbrk(cp, WHITESPACE);
171     if(!end)
172       end = strchr(cp, '\0');
173     /* return pointer to second parameter if it exists */
174     *cpp = end + strspn(end, WHITESPACE);
175     pathLength = 0;
176     relativePath = (cp[0] == '/' && cp[1] == '~' && cp[2] == '/');
177     /* Handling for relative path - prepend home directory */
178     if(relativePath) {
179       strcpy(*path, homedir);
180       pathLength = strlen(homedir);
181       (*path)[pathLength++] = '/';
182       (*path)[pathLength] = '\0';
183       cp += 3;
184     }
185     /* Copy path name up until first "whitespace" */
186     memcpy(&(*path)[pathLength], cp, (int)(end - cp));
187     pathLength += (int)(end - cp);
188     (*path)[pathLength] = '\0';
189   }
190   return CURLE_OK;
191 
192   fail:
193   Curl_safefree(*path);
194   return CURLE_QUOTE_ERROR;
195 }
196 
197 #endif /* if SSH is used */
198