xref: /curl/lib/vssh/curl_path.c (revision 083b4ab6) 
1 /***************************************************************************
2  *                                  _   _ ____  _
3  *  Project                     ___| | | |  _ \| |
4  *                             / __| | | | |_) | |
5  *                            | (__| |_| |  _ <| |___
6  *                             \___|\___/|_| \_\_____|
7  *
8  * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
9  *
10  * This software is licensed as described in the file COPYING, which
11  * you should have received as part of this distribution. The terms
12  * are also available at https://curl.se/docs/copyright.html.
13  *
14  * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15  * copies of the Software, and permit persons to whom the Software is
16  * furnished to do so, under the terms of the COPYING file.
17  *
18  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19  * KIND, either express or implied.
20  *
21  * SPDX-License-Identifier: curl AND ISC
22  *
23  ***************************************************************************/
24 
25 #include "curl_setup.h"
26 
27 #if defined(USE_SSH)
28 
29 #include "curl_path.h"
30 #include <curl/curl.h>
31 #include "curl_memory.h"
32 #include "escape.h"
33 #include "memdebug.h"
34 
35 #define MAX_SSHPATH_LEN 100000 /* arbitrary */
36 
37 /* figure out the path to work with in this particular request */
Curl_getworkingpath(struct Curl_easy * data,char * homedir,char ** path)38 CURLcode Curl_getworkingpath(struct Curl_easy *data,
39                              char *homedir,  /* when SFTP is used */
40                              char **path) /* returns the  allocated
41                                              real path to work with */
42 {
43   char *working_path;
44   size_t working_path_len;
45   struct dynbuf npath;
46   CURLcode result =
47     Curl_urldecode(data->state.up.path, 0, &working_path,
48                    &working_path_len, REJECT_ZERO);
49   if(result)
50     return result;
51 
52   /* new path to switch to in case we need to */
53   Curl_dyn_init(&npath, MAX_SSHPATH_LEN);
54 
55   /* Check for /~/, indicating relative to the user's home directory */
56   if((data->conn->handler->protocol & CURLPROTO_SCP) &&
57      (working_path_len > 3) && (!memcmp(working_path, "/~/", 3))) {
58     /* It is referenced to the home directory, so strip the leading '/~/' */
59     if(Curl_dyn_addn(&npath, &working_path[3], working_path_len - 3)) {
60       free(working_path);
61       return CURLE_OUT_OF_MEMORY;
62     }
63   }
64   else if((data->conn->handler->protocol & CURLPROTO_SFTP) &&
65           (!strcmp("/~", working_path) ||
66            ((working_path_len > 2) && !memcmp(working_path, "/~/", 3)))) {
67     if(Curl_dyn_add(&npath, homedir)) {
68       free(working_path);
69       return CURLE_OUT_OF_MEMORY;
70     }
71     if(working_path_len > 2) {
72       size_t len;
73       const char *p;
74       int copyfrom = 3;
75       /* Copy a separating '/' if homedir does not end with one */
76       len = Curl_dyn_len(&npath);
77       p = Curl_dyn_ptr(&npath);
78       if(len && (p[len-1] != '/'))
79         copyfrom = 2;
80 
81       if(Curl_dyn_addn(&npath,
82                        &working_path[copyfrom], working_path_len - copyfrom)) {
83         free(working_path);
84         return CURLE_OUT_OF_MEMORY;
85       }
86     }
87   }
88 
89   if(Curl_dyn_len(&npath)) {
90     free(working_path);
91 
92     /* store the pointer for the caller to receive */
93     *path = Curl_dyn_ptr(&npath);
94   }
95   else
96     *path = working_path;
97 
98   return CURLE_OK;
99 }
100 
101 /* The original get_pathname() function came from OpenSSH sftp.c version
102    4.6p1. */
103 /*
104  * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
105  *
106  * Permission to use, copy, modify, and distribute this software for any
107  * purpose with or without fee is hereby granted, provided that the above
108  * copyright notice and this permission notice appear in all copies.
109  *
110  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
111  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
112  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
113  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
114  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
115  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
116  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
117  */
118 
119 #define MAX_PATHLENGTH 65535 /* arbitrary long */
120 
Curl_get_pathname(const char ** cpp,char ** path,const char * homedir)121 CURLcode Curl_get_pathname(const char **cpp, char **path, const char *homedir)
122 {
123   const char *cp = *cpp, *end;
124   char quot;
125   unsigned int i;
126   static const char WHITESPACE[] = " \t\r\n";
127   struct dynbuf out;
128   CURLcode result;
129 
130   DEBUGASSERT(homedir);
131   *path = NULL;
132   *cpp = NULL;
133   if(!*cp || !homedir)
134     return CURLE_QUOTE_ERROR;
135 
136   Curl_dyn_init(&out, MAX_PATHLENGTH);
137 
138   /* Ignore leading whitespace */
139   cp += strspn(cp, WHITESPACE);
140 
141   /* Check for quoted filenames */
142   if(*cp == '\"' || *cp == '\'') {
143     quot = *cp++;
144 
145     /* Search for terminating quote, unescape some chars */
146     for(i = 0; i <= strlen(cp); i++) {
147       if(cp[i] == quot) {  /* Found quote */
148         i++;
149         break;
150       }
151       if(cp[i] == '\0') {  /* End of string */
152         goto fail;
153       }
154       if(cp[i] == '\\') {  /* Escaped characters */
155         i++;
156         if(cp[i] != '\'' && cp[i] != '\"' &&
157             cp[i] != '\\') {
158           goto fail;
159         }
160       }
161       result = Curl_dyn_addn(&out, &cp[i], 1);
162       if(result)
163         return result;
164     }
165 
166     if(!Curl_dyn_len(&out))
167       goto fail;
168 
169     /* return pointer to second parameter if it exists */
170     *cpp = &cp[i] + strspn(&cp[i], WHITESPACE);
171   }
172   else {
173     /* Read to end of filename - either to whitespace or terminator */
174     end = strpbrk(cp, WHITESPACE);
175     if(!end)
176       end = strchr(cp, '\0');
177 
178     /* return pointer to second parameter if it exists */
179     *cpp = end + strspn(end, WHITESPACE);
180 
181     /* Handling for relative path - prepend home directory */
182     if(cp[0] == '/' && cp[1] == '~' && cp[2] == '/') {
183       result = Curl_dyn_add(&out, homedir);
184       if(!result)
185         result = Curl_dyn_addn(&out, "/", 1);
186       if(result)
187         return result;
188       cp += 3;
189     }
190     /* Copy path name up until first "whitespace" */
191     result = Curl_dyn_addn(&out, cp, (end - cp));
192     if(result)
193       return result;
194   }
195   *path = Curl_dyn_ptr(&out);
196   return CURLE_OK;
197 
198 fail:
199   Curl_dyn_free(&out);
200   return CURLE_QUOTE_ERROR;
201 }
202 
203 #endif /* if SSH is used */
204