author | Ed Maste <emaste@FreeBSD.org> | 2019-01-16 15:15:04 +0000 |
---|---|---|
committer | Ed Maste <emaste@FreeBSD.org> | 2019-01-16 15:15:04 +0000 |
commit | 46e043d174178ad7a370ad61acfc27aaf148ec60 (patch) | |
tree | 13e89b4a961fed1f5d61574d298c185b5cef6879 /crypto | |
parent | 01f260d3912b722988d71062a2b9c348958db781 (diff) | |
MFC r343043: scp: disallow empty or current directory
Obtained from: OpenBSD scp.c 1.198
Security: CVE-2018-20685
Sponsored by: The FreeBSD Foundation
Notes:
svn path=/stable/11/; revision=343097
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/openssh/scp.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/crypto/openssh/scp.c b/crypto/openssh/scp.c index b4db851980ba..145cdedb15a5 100644 --- a/crypto/openssh/scp.c +++ b/crypto/openssh/scp.c @@ -1047,7 +1047,8 @@ sink(int argc, char **argv) size = size * 10 + (*cp++ - '0'); if (*cp++ != ' ') SCREWUP("size not delimited"); - if ((strchr(cp, '/') != NULL) || (strcmp(cp, "..") == 0)) { + if (*cp == '\0' || strchr(cp, '/') != NULL || + strcmp(cp, ".") == 0 || strcmp(cp, "..") == 0) { run_err("error: unexpected filename: %s", cp); exit(1); } |
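Review bot: The widened condition in sink() carries no comment saying why an empty name and "." are now refused alongside names containing '/' and "..", so a later cleanup could mistake the new clauses for redundant ones. A one-line comment above the `if` stating that the name received from the peer must be a single path component, and neither the current nor the parent directory, would record the intent. Separately, when `*cp == '\0'` triggers, `run_err("error: unexpected filename: %s", cp)` prints nothing after the colon; putting quotes around `%s` in the format string would make the empty-name case recognisable in the error output.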