wolfscp: fix ExtractFileName for separator-less paths#1020
Open
yosuke-wolfssl wants to merge 1 commit into
Open
wolfscp: fix ExtractFileName for separator-less paths#1020yosuke-wolfssl wants to merge 1 commit into
yosuke-wolfssl wants to merge 1 commit into
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
Fixes wolfSCP source-mode failures when the peer requests a bare relative name (no / or \ separators), which previously caused ExtractFileName() to return WS_BAD_ARGUMENT and abort recursive (and latent single-file) transfers.
Changes:
- Update
ExtractFileName()to reject only truly empty paths, allowing separator-less leaf names. - Improve recursive first-request error logging by reporting failures per-step (open dir / extract name / stat).
- Add internal unit coverage for
ExtractFileName()via a newWOLFSSH_TEST_INTERNALwrapper and a comprehensive unit test.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
src/wolfscp.c |
Fixes separator-less path handling in ExtractFileName(), adds an internal test wrapper, and refines recursive-request error logs. |
tests/unit.c |
Adds test_ScpExtractFileName covering bare names and a broad set of edge/error cases. |
wolfssh/internal.h |
Declares the new internal test wrapper under appropriate SCP and test guards. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
wolfSSL-Fenrir-bot
left a comment
wolfSSL-Fenrir-bot
left a comment
There was a problem hiding this comment.
Fenrir Automated Review — PR #1020
Scan targets checked: wolfssh-bugs, wolfssh-src
No new issues found in the changed files. ✅
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fix recursive SCP source abort on separator-less paths
Problem
A recursive SCP source request for a bare relative name with no path separator — e.g.
scp -r -f scp_rk_src— aborted immediately after sending the top-level directory message, transferring no files. The receiving side sawWS_SUCCESSbut ended up with an empty destination. Absolute paths and any path containing a/worked fine.Root cause
ExtractFileName()rejected any path with no/or\separator:In the recursive first-request path,
ScpPushDir()opened the directory successfully, but the followingExtractFileName(peerRequest, ...)returnedWS_BAD_ARGUMENT(-1002) for the bare name. The failure then fell into a branch mislabeled"scp: error getting file stats, abort"— so the log pointed atGetFileStats, which was never actually reached. The same helper feeds the single-file request path, so a single-file GET of a bare filename had the same latent bug.A path with no separator is a valid bare file/directory name (the whole string is the leaf name); the existing length math already handles the
separator == -1case, so only the early-return guard was wrong.Changes
src/wolfscp.c—ExtractFileName(): reject only a genuinely empty path (if (pathLen == 0)) instead of any separator-less path. No behavior change for paths containing a separator (absolute paths unchanged). Fixes both the recursive-source and single-file request paths.src/wolfscp.c— recursive first-request branch: split the single misleading"error getting file stats"log into per-step messages (open base directory / extract name / get file stats), so a future failure names the actual culprit. Keeps the existing fallthrough cleanup style.tests/unit.c—test_ScpExtractFileName: new unit test covering bare name,./prefix, nested, absolute,./.., trailing separator, empty,NULLargs, too-small buffer, and the exact size-check boundary.ExtractFileNamestaysstatic; the test reaches it through a newwolfSSH_TestScpExtractFileNamewrapper guarded byWOLFSSH_TEST_INTERNAL.wolfssh/internal.h: prototype for the test wrapper inside the existingWOLFSSH_TEST_INTERNALblock, sub-guarded byWOLFSSH_SCP && !WOLFSSH_SCP_USER_CALLBACKS.Notes
ExtractFileNamewas never a path-traversal guard —../x-style paths always haveseparator >= 0and passed through unchanged; only a trivial bare./..was incidentally rejected before. Accepting./..now matches real scp semantics (scp -r host:. dst);./..directory entries are still skipped during the recursive walk, and sink-side path confinement is separate.Testing
tests/unit.test→ScpExtractFileName: SUCCESS. Negative control: with the old guard restored the test FAILS (exit 1), so it genuinely catches the bug.-fsanitize=address,undefined, no LeakSanitizer on macOS) → clean.scripts/scp.test→ALL Tests Passed(single-file client path unaffected).big.txt,sub/s.txt,top.txt) completes byte-identical (diff -rclean) againstexamples/echoserver.