shinys000114/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-09 18:04:25 +09:00
Code Issues Packages Projects Releases Wiki Activity

scp: Workaround for Cisco devices not handling single quotes

Browse Source 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This commit is contained in:
Jakub Jelen
2025-09-16 14:45:40 +02:00
parent 07d099f652
commit 358553e976
3 changed files with 21 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
include/libssh/session.h
View File

@@ -89,6 +89,9 @@ enum ssh_pending_call_e {
#define SSH_SESSION_FLAG_KEX_STRICT 0x0010 #define SSH_SESSION_FLAG_KEX_STRICT 0x0010
/* Unexpected packets have been sent while the session was still unencrypted */ /* Unexpected packets have been sent while the session was still unencrypted */
#define SSH_SESSION_FLAG_KEX_TAINTED 0x0020 #define SSH_SESSION_FLAG_KEX_TAINTED 0x0020
/* The scp on server can not handle quoted paths. Skip the mitigation for
* CVE-2019-14889 when using scp */
#define SSH_SESSION_FLAG_SCP_QUOTING_BROKEN 0x0040
/* codes to use with ssh_handle_packets*() */ /* codes to use with ssh_handle_packets*() */
/* Infinite timeout */ /* Infinite timeout */

6
src/misc.c
View File

@@ -1376,6 +1376,7 @@ int ssh_analyze_banner(ssh_session session, int server)
{ {
const char *banner = NULL; const char *banner = NULL;
const char *openssh = NULL; const char *openssh = NULL;
const char *ios = NULL;
if (server) { if (server) {
banner = session->clientbanner; banner = session->clientbanner;
@@ -1465,6 +1466,11 @@ int ssh_analyze_banner(ssh_session session, int server)
major, minor, session->openssh); major, minor, session->openssh);
} }
} }
/* Cisco devices have odd scp implementation which breaks */
ios = strstr(banner, "Cisco");
if (ios != NULL) {
session->flags |= SSH_SESSION_FLAG_SCP_QUOTING_BROKEN;
}
done: done:
return 0; return 0;

12
src/scp.c
View File

@@ -30,6 +30,7 @@
#include "libssh/priv.h" #include "libssh/priv.h"
#include "libssh/scp.h" #include "libssh/scp.h"
#include "libssh/misc.h" #include "libssh/misc.h"
#include "libssh/session.h"
/** /**
* @defgroup libssh_scp The SSH scp functions * @defgroup libssh_scp The SSH scp functions
@@ -197,6 +198,17 @@ int ssh_scp_init(ssh_scp scp)
return SSH_ERROR; return SSH_ERROR;
} }
/* Some servers do not handle the quoting well. Pass in the raw file
* location */
if (scp->session->flags & SSH_SESSION_FLAG_SCP_QUOTING_BROKEN) {
free(quoted_location);
quoted_location = strdup(scp->location);
if (quoted_location == NULL) {
ssh_set_error_oom(scp->session);
return SSH_ERROR;
}
}
if (scp->mode == SSH_SCP_WRITE) { if (scp->mode == SSH_SCP_WRITE) {
snprintf(execbuffer, sizeof(execbuffer), "scp -t %s %s", snprintf(execbuffer, sizeof(execbuffer), "scp -t %s %s",
scp->recursive ? "-r" : "", quoted_location); scp->recursive ? "-r" : "", quoted_location);