author | Markus Friedl <markus@cvs.openbsd.org> | 2004-04-01 12:19:58 +0000 |
---|---|---|
committer | Markus Friedl <markus@cvs.openbsd.org> | 2004-04-01 12:19:58 +0000 |
commit | f426f17e726d31ab6ffaad429ddc90b7d1fd0a14 (patch) | |
tree | 9d4a1bc367a309b19b146d45523e72a7262aff3b /bin | |
parent | 49d666407d95d39d44f5cb48315961c632c15367 (diff) |
limit trust between local and remote rcp/scp process,
noticed by lcamtuf; ok deraadt@, djm@
Diffstat (limited to 'bin')
-rw-r--r-- | bin/rcp/rcp.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/bin/rcp/rcp.c b/bin/rcp/rcp.c
index 7b76a268a31..9d23e6e61b6 100644
--- a/bin/rcp/rcp.c
+++ b/bin/rcp/rcp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rcp.c,v 1.38 2003/07/29 00:24:16 deraadt Exp $ */
+/* $OpenBSD: rcp.c,v 1.39 2004/04/01 12:19:57 markus Exp $ */
 /* $NetBSD: rcp.c,v 1.9 1995/03/21 08:19:06 cgd Exp $ */
 /*
@@ -40,7 +40,7 @@ static char copyright[] =
 #if 0
 static char sccsid[] = "@(#)rcp.c 8.2 (Berkeley) 4/2/94";
 #else
-static const char rcsid[] = "$OpenBSD: rcp.c,v 1.38 2003/07/29 00:24:16 deraadt Exp $";
+static const char rcsid[] = "$OpenBSD: rcp.c,v 1.39 2004/04/01 12:19:57 markus Exp $";
 #endif
 #endif /* not lint */
@@ -637,6 +637,10 @@ sink(int argc, char *argv[])
 size = size * 10 + (*cp++ - '0');
 if (*cp++ != ' ')
 SCREWUP("size not delimited");
+ if ((strchr(cp, '/') != NULL) || (strcmp(cp, "..") == 0)) {
+ run_err("error: unexpected filename: %s", cp);
+ exit(1);
+ }
 if (targisdir) {
 static char *namebuf;
 static int cursize;
@@ -655,6 +659,8 @@ sink(int argc, char *argv[])
 exists = stat(np, &stb) == 0;
 if (buf[0] == 'D') {
 int mod_flag = pflag;
+ if (!iamrecursive)
+ SCREWUP("received directory without -r");
 if (exists) {
 if (!S_ISDIR(stb.st_mode)) {
 errno = ENOTDIR; |
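Review bot: The new name check in sink() rejects only names that contain `/` and the exact name `..`, so an empty name or `.` sent by the peer still passes; when the target is a directory, such a name presumably resolves to the target directory itself once it is joined onto the path (the join is in the `targisdir` branch, which runs past the hunk). Extending the condition closes that gap: `if (*cp == '\0' || strchr(cp, '/') != NULL || strcmp(cp, ".") == 0 || strcmp(cp, "..") == 0) {`. The rejected name is also echoed verbatim by `run_err("error: unexpected filename: %s", cp)`, so non-printable bytes in it should be escaped before they reach the user's terminal. sink() begins and ends outside this hunk.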
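Review bot: The `-r` guard added in the `buf[0] == 'D'` branch has no comment explaining that the local flag, not the incoming record, decides whether a directory may be created, which is the trust boundary this commit is about. A one-line comment above it would keep a later cleanup from removing the check, for example `/* the peer controls this record; accept directories only if the user asked for -r */`. The brace-less `if` followed by `SCREWUP` matches the existing `size not delimited` call, but it relies on the macro expanding to a single statement or block, which is not visible here. The branch continues past the end of the hunk.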