psftp and pscp should disable all forwarding (ports, X, agent).

Partly because that's a good idea _anyway_, and partly because it
seems to be causing trouble. (Specifically, their pathetic attempt
to emulate plink's proper select handling seems to get confused when
the back end tries to open a local listening socket.)

[originally from svn r1264]

diff --git a/psftp.c b/psftp.c
index 37f39ff3fdd0eb171c0e572ad1b16b7b09433ce8..137320b83d57e26989415f061bacd7709a29b0f2 100644 (file)
--- a/psftp.c
+++ b/psftp.c
@@ -1710,6 +1710,15 @@ int main(int argc, char *argv[])
     /* SFTP uses SSH2 by default always */
     cfg.sshprot = 2;
 
+    /*
+     * Disable scary things which shouldn't be enabled for simple
+     * things like SCP and SFTP: agent forwarding, port forwarding,
+     * X forwarding.
+     */
+    cfg.x11_forward = 0;
+    cfg.agentfwd = 0;
+    cfg.portfwd[0] = cfg.portfwd[1] = '\0';
+
     /* Set up subsystem name. */
     strcpy(cfg.remote_cmd, "sftp");
     cfg.ssh_subsys = TRUE;

diff --git a/scp.c b/scp.c
index 7a8cebde1d542c4ffb357e1dac47a3ae69a9525c..f4c8d794baef662f2e4784d01412d39e3ce5d881 100644 (file)
--- a/scp.c
+++ b/scp.c
@@ -603,6 +603,15 @@ static void do_cmd(char *host, char *user, char *cmd)
     if (portnumber)
        cfg.port = portnumber;
 
+    /*
+     * Disable scary things which shouldn't be enabled for simple
+     * things like SCP and SFTP: agent forwarding, port forwarding,
+     * X forwarding.
+     */
+    cfg.x11_forward = 0;
+    cfg.agentfwd = 0;
+    cfg.portfwd[0] = cfg.portfwd[1] = '\0';
+
     /*
      * Attempt to start the SFTP subsystem as a first choice,
      * falling back to the provided scp command if that fails.