Zsh Mailing List Archive Messages sorted by: Reverse Date, Date, Thread, Author

Re: Tab-completion problem through ssh when files start by dash (_remote_files:compadd:80: bad option: -@)

X-seq: zsh-workers 40973
From: Daniel Shahaf <d.s@xxxxxxxxxxxxxxxxxx>
To: Antoine Amarilli <a3nm@xxxxxxxx>
Subject: Re: Tab-completion problem through ssh when files start by dash (_remote_files:compadd:80: bad option: -@)
Date: Sat, 15 Apr 2017 01:19:02 +0000
Cc: zsh-workers@xxxxxxx
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= daniel.shahaf.name; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-sender:x-me-sender:x-sasl-enc:x-sasl-enc; s= fm1; bh=aTEXFxKziGWsTLEAGjvFV9/WkKz898CFDlaXWHXE4oc=; b=cr2VhuSj EQKSFBnDB+ERFjtQZ7AX5/cePWZ3nWJS6xLFtnoNxNGhHD9ONcpJsmsyNHbBFsJg XiQRc6CcmSLOYV8yvH1d1ZKxfo2F5dvi8RJctSYmv28epH65bHH8hYnHcm+1sbwi KHrPZrNu5ue8bZugpt9DQN7la8ZWca8A3i6rIKyoDKpbhHK2xCj2CqOyhYetMjHw 2CWxGYoYBaEWYYvraAHP1RcyhWe39L8T+J5/nBmNKFzZ0WxrYCj6f9Z40OXz1VUR YI+e32pDTChnj2L+tUg5eD74BX5mSdZogIP/KFkoyhR11TzaoFhLbuc03DN1fuFm 5Iz/7rXXJTzspw==
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-sender:x-me-sender:x-sasl-enc:x-sasl-enc; s= fm1; bh=aTEXFxKziGWsTLEAGjvFV9/WkKz898CFDlaXWHXE4oc=; b=rVoG4Mcr ZlktnwrPMtLXfuSisqKVxPIKUI5qePNbd9lTyDWvROLxqX9C5VI/YTA8TFJ68y4j GbzIHAEThO2+1nckE8b3yjxL8wX4xuC8JonCR6PH44S0Vq1ts+uSu+Q5WHJGI0Fj id8EXkRsoZrYuhJEZlOkc9wVuVvBbyy9oNvcwCClHqNG1DyH4os5aodxgfuCg9XQ LZ9H9kSuv4+ws7ExyTBLX8mPWlx8RcBTTmu/fqy8h261rT4MK2GQrR6BKcO04NVm V7ga4XO2a4w2itboy3yRKe02kbBwvcU7YvWfKkxZZL9olqDv7WSZUh55hEy1oN4z yX/ASqhX/XnKdA==
In-reply-to: <20170413174717.4w6iatxztyutpbps@mu.a3nm.net>
List-help: <mailto:zsh-workers-help@zsh.org>
List-id: Zsh Workers List <zsh-workers.zsh.org>
List-post: <mailto:zsh-workers@zsh.org>
Mailing-list: contact zsh-workers-help@xxxxxxx; run by ezmlm
References: <20170413174717.4w6iatxztyutpbps@mu.a3nm.net>

Antoine Amarilli wrote on Thu, Apr 13, 2017 at 19:47:17 +0200:
> So it looks to me like the internals of tab-completion are not properly
> escaping the file names in this case, hence the warning. This is mostly
> an annoyance, but maybe there could be some more problematic
> implications (e.g., maybe a malicious jdoe on bar could create files
> that would pass actual options to compadd and mess up more seriously
> with the zsh session on foo).

The «-R remote-func» option seems to be the most obvious method of
injection.  I'm not sure whether it requires a literal function name, or
whether an anonymous function would be accepted too.

> When I do this, the result looks like this:
> 
>   foo% touch blah
>   foo% scp blah jdoe@bar:<TAB>
>   _remote_files:compadd:80: bad option: -@
>   foo% scp test jdoe@bar:
>   [ACTUAL CONTENTS OF ~jdoe ON bar]

I think this fixes it?

diff --git a/Completion/Unix/Type/_remote_files b/Completion/Unix/Type/_remote_files
index 1e9fed1..a5fce9a 100644
--- a/Completion/Unix/Type/_remote_files
+++ b/Completion/Unix/Type/_remote_files
@@ -58,11 +58,13 @@ if zstyle -T ":completion:${curcontext}:files" remote-access; then
     else rempat="${(q)PREFIX%%[^./][^/]#}\*"
   fi
 
+  # remote filenames
   remfiles=(${(M)${(f)"$(_call_program files $cmd $cmd_args $host ls -d1FL -- "$rempat" 2>/dev/null)"}%%[^/]#(|/)})
 
   compset -P '*/'
   compset -S '/*' || (( ${args[(I)-/]} )) || suf='remote file'
 
+  # display strings for remote files and directories
   remdispf=(${remfiles:#*/})
   remdispd=(${(M)remfiles:#*/})
 
@@ -77,9 +79,9 @@ if zstyle -T ":completion:${curcontext}:files" remote-access; then
   while _tags; do
     while _next_label files expl ${suf:-remote directory}; do
       [[ -n $suf ]] &&
-          compadd "$args[@]" "$expl[@]" -d remdispf ${(q)remdispf%[*=|]} && ret=0
+          compadd "$args[@]" "$expl[@]" -d remdispf -- ${(q)remdispf%[*=|]} && ret=0
       compadd ${suf:+-S/} -r "/ \t\n\-" "$args[@]" "$expl[@]" -d remdispd \
-	${(q)remdispd%/} && ret=0
+	-- ${(q)remdispd%/} && ret=0
     done
     (( ret )) || return 0
   done

Thanks for the report!

Daniel

Follow-Ups:
- Re: Tab-completion problem through ssh when files start by dash (_remote_files:compadd:80: bad option: -@)
  - From: Antoine Amarilli
- Re: Tab-completion problem through ssh when files start by dash (_remote_files:compadd:80: bad option: -@)
  - From: Bart Schaefer

References:
- Tab-completion problem through ssh when files start by dash (_remote_files:compadd:80: bad option: -@)
  - From: Antoine Amarilli

Messages sorted by: Reverse Date, Date, Thread, Author