- djm@cvs.openbsd.org 2004/03/31 21:58:47
[canohost.c]
don't skip ip options check when UseDNS=no; ok markus@ (ID sync only)
+ - markus@cvs.openbsd.org 2004/04/01 12:19:57
+ [scp.c]
+ limit trust between local and remote rcp/scp process,
+ noticed by lcamtuf; ok deraadt@, djm@
20040418
- (dtucker) [auth-pam.c] Log username and source host for failed PAM
*/
#include "includes.h"
-RCSID("$OpenBSD: scp.c,v 1.113 2003/11/23 23:21:21 djm Exp $");
+RCSID("$OpenBSD: scp.c,v 1.114 2004/04/01 12:19:57 markus Exp $");
#include "xmalloc.h"
#include "atomicio.h"
*cp++ = ch;
} while (cp < &buf[sizeof(buf) - 1] && ch != '\n');
*cp = 0;
+ if (verbose_mode)
+ fprintf(stderr, "Sink: %s", buf);
if (buf[0] == '\01' || buf[0] == '\02') {
if (iamremote == 0)
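Review bot: The added `fprintf(stderr, "Sink: %s", buf);` writes a protocol record received from the peer straight to the user's terminal, so any control or escape bytes in it reach the terminal unfiltered whenever `verbose_mode` is set. Since this commit is about limiting trust in the other rcp/scp process, the record should be made printable first, for example by encoding it with vis(3)-style escaping into a scratch buffer and printing that instead. A comment such as `/* buf is peer-controlled; do not print it unescaped */` above the call would record the reason. The read loop and the enclosing function start outside this hunk.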
size = size * 10 + (*cp++ - '0');
if (*cp++ != ' ')
SCREWUP("size not delimited");
+ if ((strchr(cp, '/') != NULL) || (strcmp(cp, "..") == 0)) {
+ run_err("error: unexpected filename: %s", cp);
+ exit(1);
+ }
if (targisdir) {
static char *namebuf;
static int cursize;
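Review bot: The new filename check rejects names containing `/` and the exact name `..`, but an empty name and `.` still pass. Under `targisdir` the accepted name is presumably joined onto the target path, so either would refer to the target directory itself rather than an entry inside it; this should be confirmed against how `np` is built below the hunk. I would widen the test to `if (*cp == '\0' || strchr(cp, '/') != NULL || strcmp(cp, ".") == 0 || strcmp(cp, "..") == 0) {`. The `targisdir` block continues past the end of the hunk.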
exists = stat(np, &stb) == 0;
if (buf[0] == 'D') {
int mod_flag = pflag;
+ if (!iamrecursive)
+ SCREWUP("received directory without -r");
if (exists) {
if (!S_ISDIR(stb.st_mode)) {
errno = ENOTDIR;
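Review bot: The `!iamrecursive` guard added under `buf[0] == 'D'` has no comment explaining why a directory record can arrive when `-r` was not given. The record type is whatever the peer sends, not what the local command line asked for, and that is worth stating next to the check. I would add `/* record type is chosen by the peer; refuse 'D' unless -r was requested locally */` above the `if`. The surrounding `'D'` branch continues beyond the hunk.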