jimzah/freebsd-src
1
0
Fork 0
mirror of https://github.com/freebsd/freebsd-src.git synced 2024-11-26 20:12:44 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

MFC r343043: scp: disallow empty or current directory

Browse Source 
Obtained from:	OpenBSD scp.c 1.198
Security:	CVE-2018-20685
Sponsored by:	The FreeBSD Foundation
This commit is contained in:
Ed Maste 2019-01-16 15:19:09 +00:00
parent 7b4a785027
commit e49e325d07
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/stable/10/; revision=343098
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
crypto/openssh/scp.c
View File

@ -1048,7 +1048,8 @@ sink(int argc, char **argv)
size = size * 10 + (*cp++ - '0');
if (*cp++ != ' ')
SCREWUP("size not delimited");
if ((strchr(cp, '/') != NULL) || (strcmp(cp, "..") == 0)) {
if (*cp == '\0' || strchr(cp, '/') != NULL ||
strcmp(cp, ".") == 0 || strcmp(cp, "..") == 0) {
run_err("error: unexpected filename: %s", cp);
exit(1);
}