1 | /*************************************************************************** |
2 | * _ _ ____ _ |
3 | * Project ___| | | | _ \| | |
4 | * / __| | | | |_) | | |
5 | * | (__| |_| | _ <| |___ |
6 | * \___|\___/|_| \_\_____| |
7 | * |
8 | * Copyright (C) 1998 - 2022, Daniel Stenberg, <[email protected]>, et al. |
9 | * |
10 | * This software is licensed as described in the file COPYING, which |
11 | * you should have received as part of this distribution. The terms |
12 | * are also available at https://curl.se/docs/copyright.html. |
13 | * |
14 | * You may opt to use, copy, modify, merge, publish, distribute and/or sell |
15 | * copies of the Software, and permit persons to whom the Software is |
16 | * furnished to do so, under the terms of the COPYING file. |
17 | * |
18 | * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY |
19 | * KIND, either express or implied. |
20 | * |
21 | * SPDX-License-Identifier: curl AND ISC |
22 | * |
23 | ***************************************************************************/ |
24 | |
25 | #include "curl_setup.h" |
26 | |
27 | #if defined(USE_SSH) |
28 | |
29 | #include <curl/curl.h> |
30 | #include "curl_memory.h" |
31 | #include "curl_path.h" |
32 | #include "escape.h" |
33 | #include "memdebug.h" |
34 | |
35 | /* figure out the path to work with in this particular request */ |
36 | CURLcode Curl_getworkingpath(struct Curl_easy *data, |
37 | char *homedir, /* when SFTP is used */ |
38 | char **path) /* returns the allocated |
39 | real path to work with */ |
40 | { |
41 | char *real_path = NULL; |
42 | char *working_path; |
43 | size_t working_path_len; |
44 | CURLcode result = |
45 | Curl_urldecode(data->state.up.path, 0, &working_path, |
46 | &working_path_len, REJECT_ZERO); |
47 | if(result) |
48 | return result; |
49 | |
50 | /* Check for /~/, indicating relative to the user's home directory */ |
51 | if(data->conn->handler->protocol & CURLPROTO_SCP) { |
52 | real_path = malloc(working_path_len + 1); |
53 | if(!real_path) { |
54 | free(working_path); |
55 | return CURLE_OUT_OF_MEMORY; |
56 | } |
57 | if((working_path_len > 3) && (!memcmp(working_path, "/~/" , 3))) |
58 | /* It is referenced to the home directory, so strip the leading '/~/' */ |
59 | memcpy(real_path, working_path + 3, working_path_len - 2); |
60 | else |
61 | memcpy(real_path, working_path, 1 + working_path_len); |
62 | } |
63 | else if(data->conn->handler->protocol & CURLPROTO_SFTP) { |
64 | if((working_path_len > 1) && (working_path[1] == '~')) { |
65 | size_t homelen = strlen(homedir); |
66 | real_path = malloc(homelen + working_path_len + 1); |
67 | if(!real_path) { |
68 | free(working_path); |
69 | return CURLE_OUT_OF_MEMORY; |
70 | } |
71 | /* It is referenced to the home directory, so strip the |
72 | leading '/' */ |
73 | memcpy(real_path, homedir, homelen); |
74 | real_path[homelen] = '/'; |
75 | real_path[homelen + 1] = '\0'; |
76 | if(working_path_len > 3) { |
77 | memcpy(real_path + homelen + 1, working_path + 3, |
78 | 1 + working_path_len -3); |
79 | } |
80 | } |
81 | else { |
82 | real_path = malloc(working_path_len + 1); |
83 | if(!real_path) { |
84 | free(working_path); |
85 | return CURLE_OUT_OF_MEMORY; |
86 | } |
87 | memcpy(real_path, working_path, 1 + working_path_len); |
88 | } |
89 | } |
90 | |
91 | free(working_path); |
92 | |
93 | /* store the pointer for the caller to receive */ |
94 | *path = real_path; |
95 | |
96 | return CURLE_OK; |
97 | } |
98 | |
99 | /* The get_pathname() function is being borrowed from OpenSSH sftp.c |
100 | version 4.6p1. */ |
101 | /* |
102 | * Copyright (c) 2001-2004 Damien Miller <[email protected]> |
103 | * |
104 | * Permission to use, copy, modify, and distribute this software for any |
105 | * purpose with or without fee is hereby granted, provided that the above |
106 | * copyright notice and this permission notice appear in all copies. |
107 | * |
108 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES |
109 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF |
110 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR |
111 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES |
112 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN |
113 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF |
114 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
115 | */ |
116 | CURLcode Curl_get_pathname(const char **cpp, char **path, char *homedir) |
117 | { |
118 | const char *cp = *cpp, *end; |
119 | char quot; |
120 | unsigned int i, j; |
121 | size_t fullPathLength, pathLength; |
122 | bool relativePath = false; |
123 | static const char WHITESPACE[] = " \t\r\n" ; |
124 | |
125 | if(!*cp) { |
126 | *cpp = NULL; |
127 | *path = NULL; |
128 | return CURLE_QUOTE_ERROR; |
129 | } |
130 | /* Ignore leading whitespace */ |
131 | cp += strspn(cp, WHITESPACE); |
132 | /* Allocate enough space for home directory and filename + separator */ |
133 | fullPathLength = strlen(cp) + strlen(homedir) + 2; |
134 | *path = malloc(fullPathLength); |
135 | if(!*path) |
136 | return CURLE_OUT_OF_MEMORY; |
137 | |
138 | /* Check for quoted filenames */ |
139 | if(*cp == '\"' || *cp == '\'') { |
140 | quot = *cp++; |
141 | |
142 | /* Search for terminating quote, unescape some chars */ |
143 | for(i = j = 0; i <= strlen(cp); i++) { |
144 | if(cp[i] == quot) { /* Found quote */ |
145 | i++; |
146 | (*path)[j] = '\0'; |
147 | break; |
148 | } |
149 | if(cp[i] == '\0') { /* End of string */ |
150 | /*error("Unterminated quote");*/ |
151 | goto fail; |
152 | } |
153 | if(cp[i] == '\\') { /* Escaped characters */ |
154 | i++; |
155 | if(cp[i] != '\'' && cp[i] != '\"' && |
156 | cp[i] != '\\') { |
157 | /*error("Bad escaped character '\\%c'", |
158 | cp[i]);*/ |
159 | goto fail; |
160 | } |
161 | } |
162 | (*path)[j++] = cp[i]; |
163 | } |
164 | |
165 | if(j == 0) { |
166 | /*error("Empty quotes");*/ |
167 | goto fail; |
168 | } |
169 | *cpp = cp + i + strspn(cp + i, WHITESPACE); |
170 | } |
171 | else { |
172 | /* Read to end of filename - either to whitespace or terminator */ |
173 | end = strpbrk(cp, WHITESPACE); |
174 | if(!end) |
175 | end = strchr(cp, '\0'); |
176 | /* return pointer to second parameter if it exists */ |
177 | *cpp = end + strspn(end, WHITESPACE); |
178 | pathLength = 0; |
179 | relativePath = (cp[0] == '/' && cp[1] == '~' && cp[2] == '/'); |
180 | /* Handling for relative path - prepend home directory */ |
181 | if(relativePath) { |
182 | strcpy(*path, homedir); |
183 | pathLength = strlen(homedir); |
184 | (*path)[pathLength++] = '/'; |
185 | (*path)[pathLength] = '\0'; |
186 | cp += 3; |
187 | } |
188 | /* Copy path name up until first "whitespace" */ |
189 | memcpy(&(*path)[pathLength], cp, (int)(end - cp)); |
190 | pathLength += (int)(end - cp); |
191 | (*path)[pathLength] = '\0'; |
192 | } |
193 | return CURLE_OK; |
194 | |
195 | fail: |
196 | Curl_safefree(*path); |
197 | return CURLE_QUOTE_ERROR; |
198 | } |
199 | |
200 | #endif /* if SSH is used */ |
201 | |