From 5720c10e5f2921a5785aac2a0d752dbc5e8bdaf9 Mon Sep 17 00:00:00 2001 From: mouring Date: Wed, 3 Oct 2001 17:30:58 +0000 Subject: [PATCH] - markus@cvs.openbsd.org 2001/10/01 08:06:28 [scp.c] skip filenames containing \n; report jdamery@chiark.greenend.org.uk and matthew@debian.org --- ChangeLog | 4 ++++ scp.c | 7 ++++++- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 13dede84..40078754 100644 --- a/ChangeLog +++ b/ChangeLog @@ -20,6 +20,10 @@ - markus@cvs.openbsd.org 2001/09/28 15:46:29 [ssh.c] bug: read user config first; report kaukasoi@elektroni.ee.tut.fi + - markus@cvs.openbsd.org 2001/10/01 08:06:28 + [scp.c] + skip filenames containing \n; report jdamery@chiark.greenend.org.uk + and matthew@debian.org 20011001 - (stevesk) loginrec.c: fix type conversion problems exposed when using diff --git a/scp.c b/scp.c index e603646b..b5cb541b 100644 --- a/scp.c +++ b/scp.c @@ -75,7 +75,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: scp.c,v 1.84 2001/09/19 19:24:19 stevesk Exp $"); +RCSID("$OpenBSD: scp.c,v 1.85 2001/10/01 08:06:28 markus Exp $"); #include "xmalloc.h" #include "atomicio.h" @@ -503,6 +503,11 @@ source(argc, argv) len = strlen(name); while (len > 1 && name[len-1] == '/') name[--len] = '\0'; + if (strchr(name, '\n') != NULL) { + run_err("%s: skipping, filename contains a newline", + name); + goto next; + } if ((fd = open(name, O_RDONLY, 0)) < 0) goto syserr; if (fstat(fd, &stb) < 0) { -- 2.45.2