From e9a460411fcbf28c9e8b4e6afba4a7d1efa8bde2 Mon Sep 17 00:00:00 2001
From: Dan Fandrich <dan@coneharvesters.com>
Date: Tue, 18 Mar 2008 22:59:04 +0000
Subject: Fixed an infinite loop when given an invalid SFTP quote command.

---
 CHANGES             |  2 +-
 RELEASE-NOTES       |  1 +
 lib/ssh.c           | 16 ++++++++--------
 tests/data/DISABLED |  1 -
 tests/data/test626  |  6 +++---
 5 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/CHANGES b/CHANGES
index adf5958b9..dd0ed6fa4 100644
--- a/CHANGES
+++ b/CHANGES
@@ -8,7 +8,7 @@
 
 Daniel Fandrich (18 Mar 2008)
 - Added test 626 to reproduce an infinite loop when given an invalid
-  SFTP quote command reported by Vincent Le Normand, but left it disabled.
+  SFTP quote command reported by Vincent Le Normand, and fixed it.
 
 Michal Marek (18 Mar 2008)
 - Added curl_easy_getinfo typechecker.
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 64e13b642..281bd59eb 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -46,6 +46,7 @@ This release includes the following bugfixes:
  o sharing DNS cache between easy handles running in multiple threads could
    lead to crash
  o SFTP upload with CURLOPT_FTP_CREATE_MISSING_DIRS on re-used connection
+ o SFTP infinite loop when given an invalid quote command
 
 This release includes the following known bugs:
 
diff --git a/lib/ssh.c b/lib/ssh.c
index f8b0f7643..b238e9c3b 100644
--- a/lib/ssh.c
+++ b/lib/ssh.c
@@ -956,14 +956,14 @@ static CURLcode ssh_statemach_act(struct connectdata *conn)
         break;
       }
 
-      if(sshc->quote_path1) {
-        Curl_safefree(sshc->quote_path1);
-        sshc->quote_path1 = NULL;
-      }
-      if(sshc->quote_path2) {
-        Curl_safefree(sshc->quote_path2);
-        sshc->quote_path2 = NULL;
-      }
+      failf(data, "Unknown SFTP command");
+      Curl_safefree(sshc->quote_path1);
+      sshc->quote_path1 = NULL;
+      Curl_safefree(sshc->quote_path2);
+      sshc->quote_path2 = NULL;
+      state(conn, SSH_SFTP_CLOSE);
+      sshc->actualcode = CURLE_QUOTE_ERROR;
+      break;
     }
   }
   if(!sshc->quote_item) {
diff --git a/tests/data/DISABLED b/tests/data/DISABLED
index e596ddcc1..eb8bc3190 100644
--- a/tests/data/DISABLED
+++ b/tests/data/DISABLED
@@ -4,4 +4,3 @@
 # per line.
 # Lines starting with '#' letters are treated as comments.
 617
-626
diff --git a/tests/data/test626 b/tests/data/test626
index 46360fb4e..475b6d7dd 100644
--- a/tests/data/test626
+++ b/tests/data/test626
@@ -32,9 +32,9 @@ Test file for rename test
 #
 # Verify data after the test has been "shot"
 <verify>
-<file name="log/file626-renamed.txt">
-Test file for rename test
-</file>
+<errorcode>
+21
+</errorcode>
 <valgrind>
 disable
 </valgrind>
-- 
cgit v1.2.3