romenskiy2012/curl
1
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2026-04-14 21:51:41 +03:00
Code Issues Projects Releases Packages Wiki Activity

libssh2: fix error handling on quote errors

Browse source 
Previously it lacked the actual return. libssh.c uses the same function
name.

Verified by test 2007.

Reported-by: m777m0 on hackerone

Follow-up to 578706adde

Closes #20883
This commit is contained in:
Daniel Stenberg 2026-03-11 08:33:58 +01:00
parent a221e2fbff
commit 53a3b2114a
No known key found for this signature in database
GPG key ID: 5CC908FDB71E12C2
4 changed files with 51 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

18
lib/vssh/libssh.c
View file

@ -1346,8 +1346,8 @@ static int myssh_in_SFTP_POSTQUOTE_INIT(struct Curl_easy *data,
return SSH_NO_ERROR;
}
static int return_quote_error(struct Curl_easy *data,
struct ssh_conn *sshc)
static int quote_error(struct Curl_easy *data,
struct ssh_conn *sshc)
{
failf(data, "Suspicious data after the command line");
Curl_safefree(sshc->quote_path1);
@ -1467,7 +1467,7 @@ static int myssh_in_SFTP_QUOTE(struct Curl_easy *data,
return SSH_NO_ERROR;
}
if(*cp)
return return_quote_error(data, sshc);
return quote_error(data, sshc);
sshc->quote_attrs = NULL;
myssh_to(data, sshc, SSH_SFTP_QUOTE_STAT);
return SSH_NO_ERROR;
@ -1490,13 +1490,13 @@ static int myssh_in_SFTP_QUOTE(struct Curl_easy *data,
return SSH_NO_ERROR;
}
if(*cp)
return return_quote_error(data, sshc);
return quote_error(data, sshc);
myssh_to(data, sshc, SSH_SFTP_QUOTE_SYMLINK);
return SSH_NO_ERROR;
}
else if(!strncmp(cmd, "mkdir ", 6)) {
if(*cp)
return return_quote_error(data, sshc);
return quote_error(data, sshc);
/* create directory */
myssh_to(data, sshc, SSH_SFTP_QUOTE_MKDIR);
return SSH_NO_ERROR;
@ -1518,27 +1518,27 @@ static int myssh_in_SFTP_QUOTE(struct Curl_easy *data,
return SSH_NO_ERROR;
}
if(*cp)
return return_quote_error(data, sshc);
return quote_error(data, sshc);
myssh_to(data, sshc, SSH_SFTP_QUOTE_RENAME);
return SSH_NO_ERROR;
}
else if(!strncmp(cmd, "rmdir ", 6)) {
/* delete directory */
if(*cp)
return return_quote_error(data, sshc);
return quote_error(data, sshc);
myssh_to(data, sshc, SSH_SFTP_QUOTE_RMDIR);
return SSH_NO_ERROR;
}
else if(!strncmp(cmd, "rm ", 3)) {
if(*cp)
return return_quote_error(data, sshc);
return quote_error(data, sshc);
myssh_to(data, sshc, SSH_SFTP_QUOTE_UNLINK);
return SSH_NO_ERROR;
}
#ifdef HAS_STATVFS_SUPPORT
else if(!strncmp(cmd, "statvfs ", 8)) {
if(*cp)
return return_quote_error(data, sshc);
return quote_error(data, sshc);
myssh_to(data, sshc, SSH_SFTP_QUOTE_STATVFS);
return SSH_NO_ERROR;
}

18
lib/vssh/libssh2.c
View file

@ -715,8 +715,8 @@ static CURLcode ssh_force_knownhost_key_type(struct Curl_easy *data,
return result;
}
static CURLcode return_quote_error(struct Curl_easy *data,
struct ssh_conn *sshc)
static CURLcode quote_error(struct Curl_easy *data,
struct ssh_conn *sshc)
{
failf(data, "Suspicious data after the command line");
Curl_safefree(sshc->quote_path1);
@ -812,7 +812,7 @@ static CURLcode sftp_quote(struct Curl_easy *data,
return result;
}
if(*cp)
return_quote_error(data, sshc);
return quote_error(data, sshc);
memset(&sshp->quote_attrs, 0, sizeof(LIBSSH2_SFTP_ATTRIBUTES));
myssh_to(data, sshc, SSH_SFTP_QUOTE_STAT);
@ -831,13 +831,13 @@ static CURLcode sftp_quote(struct Curl_easy *data,
return result;
}
if(*cp)
return_quote_error(data, sshc);
return quote_error(data, sshc);
myssh_to(data, sshc, SSH_SFTP_QUOTE_SYMLINK);
return result;
}
else if(!strncmp(cmd, "mkdir ", 6)) {
if(*cp)
return_quote_error(data, sshc);
return quote_error(data, sshc);
/* create directory */
myssh_to(data, sshc, SSH_SFTP_QUOTE_MKDIR);
return result;
@ -854,26 +854,26 @@ static CURLcode sftp_quote(struct Curl_easy *data,
return result;
}
if(*cp)
return_quote_error(data, sshc);
return quote_error(data, sshc);
myssh_to(data, sshc, SSH_SFTP_QUOTE_RENAME);
return result;
}
else if(!strncmp(cmd, "rmdir ", 6)) {
if(*cp)
return_quote_error(data, sshc);
return quote_error(data, sshc);
/* delete directory */
myssh_to(data, sshc, SSH_SFTP_QUOTE_RMDIR);
return result;
}
else if(!strncmp(cmd, "rm ", 3)) {
if(*cp)
return_quote_error(data, sshc);
return quote_error(data, sshc);
myssh_to(data, sshc, SSH_SFTP_QUOTE_UNLINK);
return result;
}
else if(!strncmp(cmd, "statvfs ", 8)) {
if(*cp)
return_quote_error(data, sshc);
return quote_error(data, sshc);
myssh_to(data, sshc, SSH_SFTP_QUOTE_STATVFS);
return result;
}

2
tests/data/Makefile.am
View file

@ -243,7 +243,7 @@ test1955 test1956 test1957 test1958 test1959 test1960 test1964 \
test1970 test1971 test1972 test1973 test1974 test1975 test1976 test1977 \
test1978 test1979 test1980 test1981 \
\
test2000 test2001 test2002 test2003 test2004 test2005 test2006 \
test2000 test2001 test2002 test2003 test2004 test2005 test2006 test2007 \
\
test2023 \
test2024 test2025 test2026 test2027 test2028 test2029 test2030 test2031 \

32
tests/data/test2007 Normal file
View file

@ -0,0 +1,32 @@
<?xml version="1.0" encoding="US-ASCII"?>
<testcase>
<info>
<keywords>
SFTP
--quote
</keywords>
</info>
# Server-side
<reply>
</reply>
# Client-side
<client>
<server>
sftp
</server>
<name>
SFTP quote rmdir command with trailing junk
</name>
<command>
--hostpubmd5 %SSHSRVMD5 --key %LOGDIR/server/curl_client_key --pubkey %LOGDIR/server/curl_client_key.pub -u %USER: sftp://%HOSTIP:%SSHPORT%SFTP_PWD/%LOGDIR/file%TESTNUMBER.txt -Q "mkdir /tmp/test trailing_garbage"
</command>
</client>
<verify>
<errorcode>
21
</errorcode>
</verify>
</testcase>