libssh: error on bad chown number and store the value

To avoid continuing with an unintended zero uid. Also actually use the
value, which was omitted before!

Reported in Joshua's sarif data

Closes #18639

diff --git a/lib/vssh/libssh.c b/lib/vssh/libssh.c
index be8336ad0a1ef0d0eb6d336991f35d821ac38a8c..56f21d85e99a671537963102979316422b677f12 100644 (file)
--- a/lib/vssh/libssh.c
+++ b/lib/vssh/libssh.c
@@ -1838,9 +1838,7 @@ static int myssh_in_SFTP_QUOTE_STAT(struct Curl_easy *data,
   else if(!strncmp(cmd, "chown", 5)) {
     const char *p = sshc->quote_path1;
     curl_off_t uid;
-    (void)curlx_str_number(&p, &uid, UINT_MAX);
-    if(sshc->quote_attrs->uid == 0 && !ISDIGIT(sshc->quote_path1[0]) &&
-       !sshc->acceptfail) {
+    if(curlx_str_number(&p, &uid, UINT_MAX)) {
       Curl_safefree(sshc->quote_path1);
       Curl_safefree(sshc->quote_path2);
       failf(data, "Syntax error: chown uid not a number");
@@ -1849,6 +1847,7 @@ static int myssh_in_SFTP_QUOTE_STAT(struct Curl_easy *data,
       sshc->actualcode = CURLE_QUOTE_ERROR;
       return SSH_NO_ERROR;
     }
+    sshc->quote_attrs->uid = (uint32_t)uid;
     sshc->quote_attrs->flags |= SSH_FILEXFER_ATTR_UIDGID;
   }
   else if(!strncmp(cmd, "atime", 5) ||