[sshd.8]
typos; sshd(8): help and ok markus@
help and ok millert@
+ - markus@cvs.openbsd.org 2003/02/02 10:51:13
+ [scp.c]
+ call okname() only when using system(3) for remote-remote copy;
+ fixes bugs #483, #472; ok deraadt@, mouring@
20030211
- (djm) Cygwin needs libcrypt too. Patch from vinschen@redhat.com
*/
#include "includes.h"
-RCSID("$OpenBSD: scp.c,v 1.100 2003/01/23 14:06:15 markus Exp $");
+RCSID("$OpenBSD: scp.c,v 1.101 2003/02/02 10:51:13 markus Exp $");
#include "xmalloc.h"
#include "atomicio.h"
tuser = argv[argc - 1];
if (*tuser == '\0')
tuser = NULL;
- else if (!okname(tuser))
- exit(1);
} else {
thost = argv[argc - 1];
tuser = NULL;
suser = pwd->pw_name;
else if (!okname(suser))
continue;
+ if (tuser && !okname(tuser))
+ continue;
snprintf(bp, len,
"%s%s %s -n "
"-l %s %s %s %s '%s%s%s:%s'",
suser = argv[i];
if (*suser == '\0')
suser = pwd->pw_name;
- else if (!okname(suser))
- continue;
}
host = cleanhostname(host);
len = strlen(src) + CMDNEEDS + 20;
c = (int)*cp;
if (c & 0200)
goto bad;
- if (!isalpha(c) && !isdigit(c) &&
- c != '@' && c != '_' && c != '-' && c != '.' && c != '+')
- goto bad;
+ if (!isalpha(c) && !isdigit(c)) {
+ switch (c) {
+ case '\'':
+ case '"':
+ case '`':
+ case ' ':
+ case '#':
+ goto bad;
+ default:
+ break;
+ }
+ }
} while (*++cp);
return (1);