This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch master in repository x2goclient. commit ce559d163a943737fe4160f7233925df2eee1f9a Author: Mihai Moldovan <ionic@ionic.de> Date: Fri Dec 20 20:27:31 2019 +0100 src/sshprocess.cpp: strip ~/, ~user{,/}, ${HOME}{,/} and $HOME{,/} from destination paths in scp mode. Fixes: #1428. This was already necessary for pascp (PuTTY-based Windows solution for Kerberos support), but newer libssh versions with the CVE-2019-14889 also interpret paths as literal strings. --- debian/changelog | 5 +++++ src/sshprocess.cpp | 58 ++++++++++++++++++++++++++++++------------------------ 2 files changed, 37 insertions(+), 26 deletions(-) diff --git a/debian/changelog b/debian/changelog index 504d6ae..9f84281 100644 --- a/debian/changelog +++ b/debian/changelog @@ -135,6 +135,11 @@ x2goclient (4.1.2.2-0x2go1) UNRELEASED; urgency=medium sound weird first, but this behavior is consistent between all applications - tray icons can be clicked via either button and will always trigger a context menu. Let X2Go Client behave the same way. + - src/sshprocess.cpp: strip ~/, ~user{,/}, ${HOME}{,/} and $HOME{,/} from + destination paths in scp mode. Fixes: #1428. This was already necessary + for pascp (PuTTY-based Windows solution for Kerberos support), but newer + libssh versions with the CVE-2019-14889 also interpret paths as literal + strings. * debian/control: + Add build-depend on pkg-config. * x2goclient.spec: diff --git a/src/sshprocess.cpp b/src/sshprocess.cpp index 70c3b1c..aec5d0b 100644 --- a/src/sshprocess.cpp +++ b/src/sshprocess.cpp @@ -310,6 +310,38 @@ void SshProcess::start_cp(QString src, QString dst) x2goDebug<<"Copying file via SshProcess object "<<pid<<": "<<src<<" -> "<<dst; scpSource=src; + + /* + * pscp and newer libssh versions with the CVE-2019-14889 fixes treat + * paths as literal strings when in SFTP/SCP mode. + * + * Paths like the following will lead to errors: + * - ~user/foo.txt + * - ~/foo.txt + * - ${HOME}/foo.txt + * - $HOME/foo.txt + * + * However, relative paths are interpreted as relative to the user's home + * dir. + * For example: + * foo.txt + * + * This workaround assumes that files will never be uploaded to a home dir + * other than the user's. + */ + + dst.remove("~"+masterCon->getUser()+"/"); + dst.remove("~"+masterCon->getUser() ); + + dst.remove("~/"); + dst.remove("~" ); + + dst.remove("${HOME}/"); + dst.remove("${HOME}"); + + dst.remove("$HOME/"); + dst.remove("$HOME"); + if(!masterCon->useKerberos()) { connect(masterCon, SIGNAL(copyErr(SshProcess*,QString,QString)), this, @@ -321,32 +353,6 @@ void SshProcess::start_cp(QString src, QString dst) { proc=new QProcess(this); #ifdef Q_OS_WIN -//pscp doesn't acccept paths like the following when in SFTP mode (default) -//~user/foo.txt -//~/foo.txt -//${HOME}/foo.txt -//$HOME/foo.txt -// -//However, pscp does let you specify a path relative to the user's home dir. -//You simply specify the relative path without a / at the beginning. -//For example: -//foo.txt -// -//This workaround assumes that files will never be uploaded to a home dir -//other than the user's. - - dst.remove("~"+masterCon->getUser()+"/"); - dst.remove("~"+masterCon->getUser() ); - - dst.remove("~/"); - dst.remove("~" ); - - dst.remove("${HOME}/"); - dst.remove("${HOME}"); - - dst.remove("$HOME/"); - dst.remove("$HOME"); - QString sshString="pscp -batch -P "+ #else QString sshString="scp -o GSSApiAuthentication=yes -o PasswordAuthentication=no -o PubkeyAuthentication=no -P "+ -- Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/x2goclient.git