From 6f4e06e996935810d1fcceef7b0e8c5e77d6989a Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 31 Jan 2006 10:23:24 +0000 Subject: regression test for CVE-2006-0225 written by dtucker@ --- regress/usr.bin/ssh/scp.sh | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'regress/usr.bin/ssh/scp.sh') diff --git a/regress/usr.bin/ssh/scp.sh b/regress/usr.bin/ssh/scp.sh index 10eb58141c6..f82b988f475 100644 --- a/regress/usr.bin/ssh/scp.sh +++ b/regress/usr.bin/ssh/scp.sh @@ -1,4 +1,4 @@ -# $OpenBSD: scp.sh,v 1.5 2006/01/27 06:49:21 djm Exp $ +# $OpenBSD: scp.sh,v 1.6 2006/01/31 10:23:23 djm Exp $ # Placed in the Public Domain. tid="scp" @@ -75,6 +75,13 @@ cp ${DATA} ${DIR}/copy $SCP $scpopts -r somehost:${DIR} ${DIR2} || fail "copy failed" diff -rN ${DIR} ${DIR2} || fail "corrupted copy" +verbose "$tid: shell metacharacters" +scpclean +(cd ${DIR} && \ + touch '`touch metachartest`' && \ + $SCP $scpopts *metachar* ${DIR2} 2>/dev/null; \ + [ ! -f metachartest ] ) || fail "shell metacharacters" + if [ ! -z "$SUDO" ]; then verbose "$tid: skipped file after scp -p with failed chown+utimes" scpclean -- cgit v1.2.3