bin/65707: scp does not deal with local file copies with spaces

Hal Burch Hal_Burch at gs10.sp.cs.cmu.edu
Sun Apr 18 05:20:07 PDT 2004 

>Number:         65707
>Category:       bin
>Synopsis:       scp does not deal with local file copies with spaces
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Apr 18 05:20:07 PDT 2004
>Closed-Date:
>Last-Modified:
>Originator:     Hal Burch
>Release:        FreeBSD 4.9-RC i386
>Organization:
<organization of PR author (multiple lines)>
>Environment:
System: FreeBSD hburch-lap.hburch.com 4.9-RC FreeBSD 4.9-RC #24: Fri Dec 26 11:16:36 EST 2003 hburch at hburch-lap.hburch.com:/usr/src/sys/compile/LOCAL i386

$ ssh -V
OpenSSH_3.5p1 FreeBSD-20030201, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
>Description:
If you scp a list of local files to a local directory, scp execs cp
to do its work.  If a filename has spaces in it, this process converts them
to separate filenames.

I was concerned about this being a possible security problem if you had
filenames with backspace characters or newlines.  After looking at the
code and testing some examples, this does not appear to be a problem.

However, this could cause unintended consequences (copy a different
file than expected).
>How-To-Repeat:
hburch-lap:~ $ mkdir tdir
hburch-lap:~ $ cd tdir
hburch-lap:~/tdir $ touch "a b"
hburch-lap:~/tdir $ scp * /tmp
cp: b: No such file or directory
cp: a: No such file or directory

Not certain what is going on here, though:
hburch-lap:~/tdir $ touch 'c
> d'
hburch-lap:~/tdir $ scp * /tmp
cp: b: No such file or directory
cp: a: No such file or directory
usage: cp [-R [-H | -L | -P]] [-f | -i | -n] [-pv] src target
       cp [-R [-H | -L | -P]] [-f | -i | -n] [-pv] src1 ... srcN directory
>Fix:
tolocal() execs cp for each argument by itself.  This may be as simple
as adding double quotes around the argv[i] %s, but I did not test that.
>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-bugs mailing list