From 63670d4e9030bcee490d5a9cce561373ac5b3b23 Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org" <djm@openbsd.org>
Date: Sat, 8 Jan 2022 07:36:11 +0000
Subject: upstream: fix some corner-case bugs in scp sftp-mode handling of

~-prefixed paths; spotted by jsg; feedback jsg & deraadt, ok jsg & markus

OpenBSD-Commit-ID: d1697dbaaa9f0f5649d69be897eab25c7d37c222
---
 scp.c | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

(limited to 'scp.c')

diff --git a/scp.c b/scp.c
index 7145d1a88..9ddaca183 100644
--- a/scp.c
+++ b/scp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: scp.c,v 1.241 2021/10/24 21:24:17 deraadt Exp $ */
+/* $OpenBSD: scp.c,v 1.242 2022/01/08 07:36:11 djm Exp $ */
 /*
  * scp - secure remote copy.  This is basically patched BSD rcp which
  * uses ssh to do the data transfer (instead of using rcmd).
@@ -1250,13 +1250,18 @@ tolocal(int argc, char **argv, enum scp_mode_e mode, char *sftp_direct)
 static char *
 prepare_remote_path(struct sftp_conn *conn, const char *path)
 {
+	size_t nslash;
+
 	/* Handle ~ prefixed paths */
-	if (*path != '~')
-		return xstrdup(path);
 	if (*path == '\0' || strcmp(path, "~") == 0)
 		return xstrdup(".");
-	if (strncmp(path, "~/", 2) == 0)
-		return xstrdup(path + 2);
+	if (*path != '~')
+		return xstrdup(path);
+	if (strncmp(path, "~/", 2) == 0) {
+		if ((nslash = strspn(path + 2, "/")) == strlen(path + 2))
+			return xstrdup(".");
+		return xstrdup(path + 2 + nslash);
+	}
 	if (can_expand_path(conn))
 		return do_expand_path(conn, path);
 	/* No protocol extension */
-- 
cgit v1.2.3