diff options
author | Ed Maste <emaste@FreeBSD.org> | 2019-01-15 15:35:14 +0000 |
---|---|---|
committer | Ed Maste <emaste@FreeBSD.org> | 2019-01-15 15:35:14 +0000 |
commit | d366f891b12ce2802752fe6cde1e39e5003eb656 (patch) | |
tree | 2bf57b02d3270a90f4f9f5325c8526a21c0210c1 /crypto | |
parent | cd0c606fda6c826782634a6ca7c7f10bb0750ea1 (diff) | |
download | src-test2-d366f891b12ce2802752fe6cde1e39e5003eb656.tar.gz src-test2-d366f891b12ce2802752fe6cde1e39e5003eb656.zip |
scp: disallow empty or current directory
Obtained from: OpenBSD scp.c 1.198
Security: CVE-2018-20685
Sponsored by: The FreeBSD Foundation
Notes
Notes:
svn path=/head/; revision=343043
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/openssh/scp.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/crypto/openssh/scp.c b/crypto/openssh/scp.c index 60682c68769b..817880206684 100644 --- a/crypto/openssh/scp.c +++ b/crypto/openssh/scp.c @@ -1106,7 +1106,8 @@ sink(int argc, char **argv) SCREWUP("size out of range"); size = (off_t)ull; - if ((strchr(cp, '/') != NULL) || (strcmp(cp, "..") == 0)) { + if (*cp == '\0' || strchr(cp, '/') != NULL || + strcmp(cp, ".") == 0 || strcmp(cp, "..") == 0) { run_err("error: unexpected filename: %s", cp); exit(1); } |