author | Damien Miller <djm@cvs.openbsd.org> | 2018-11-16 03:03:11 +0000 |
---|---|---|
committer | Damien Miller <djm@cvs.openbsd.org> | 2018-11-16 03:03:11 +0000 |
commit | 8174d401371a0d844a5e45421479bffdafa31292 (patch) | |
tree | 2a960fda9ca92f1ca7dc2e1d0eee6f2b42dfe7d4 | |
parent | 70b40d5bd5a931ecd88b6b3d90a8c09d9b11d84f (diff) |
disallow empty incoming filename or ones that refer to the current
directory; based on report/patch from Harry Sintonen
-rw-r--r-- | usr.bin/ssh/scp.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/usr.bin/ssh/scp.c b/usr.bin/ssh/scp.c
index 68aed643abf..17215a70dce 100644
--- a/usr.bin/ssh/scp.c
+++ b/usr.bin/ssh/scp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: scp.c,v 1.197 2018/06/01 04:31:48 dtucker Exp $ */
+/* $OpenBSD: scp.c,v 1.198 2018/11/16 03:03:10 djm Exp $ */
 /*
 * scp - secure remote copy. This is basically patched BSD rcp which
 * uses ssh to do the data transfer (instead of using rcmd).
@@ -1083,7 +1083,8 @@ sink(int argc, char **argv)
 SCREWUP("size out of range");
 size = (off_t)ull;
- if ((strchr(cp, '/') != NULL) || (strcmp(cp, "..") == 0)) {
+ if (*cp == '\0' || strchr(cp, '/') != NULL ||
+ strcmp(cp, ".") == 0 || strcmp(cp, "..") == 0) {
 run_err("error: unexpected filename: %s", cp);
 exit(1);
 }
|
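Review bot: The new condition in sink() validates only the shape of the peer-supplied name `cp` (non-empty, no `/`, not `.` or `..`); nothing in the visible lines checks that the name corresponds to what the user asked to copy, so a differently named single-component file would still be accepted into the target directory. If that comparison is not done elsewhere in sink(), whose body starts and ends outside this hunk, it is worth matching `cp` against the requested source pattern before the file is opened. The rejected name is also passed verbatim to `run_err("error: unexpected filename: %s", cp)`, so if run_err writes to the local terminal, non-printable bytes should be escaped first. A short comment above the test would help the next reader, e.g. `/* cp comes from the peer: must be one path component, never "", "." or ".." */`.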