From f09aa22c056ea91d621a26193588249e9c9bec5b Mon Sep 17 00:00:00 2001 From: dtucker Date: Mon, 19 Apr 2004 13:50:16 +0000 Subject: [PATCH] - markus@cvs.openbsd.org 2004/04/01 12:19:57 [scp.c] limit trust between local and remote rcp/scp process, noticed by lcamtuf; ok deraadt@, djm@ --- ChangeLog | 4 ++++ scp.c | 10 +++++++++- 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 4ada7458..bee7d495 100644 --- a/ChangeLog +++ b/ChangeLog @@ -12,6 +12,10 @@ - djm@cvs.openbsd.org 2004/03/31 21:58:47 [canohost.c] don't skip ip options check when UseDNS=no; ok markus@ (ID sync only) + - markus@cvs.openbsd.org 2004/04/01 12:19:57 + [scp.c] + limit trust between local and remote rcp/scp process, + noticed by lcamtuf; ok deraadt@, djm@ 20040418 - (dtucker) [auth-pam.c] Log username and source host for failed PAM diff --git a/scp.c b/scp.c index 1daa2ccf..8621a440 100644 --- a/scp.c +++ b/scp.c @@ -71,7 +71,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: scp.c,v 1.113 2003/11/23 23:21:21 djm Exp $"); +RCSID("$OpenBSD: scp.c,v 1.114 2004/04/01 12:19:57 markus Exp $"); #include "xmalloc.h" #include "atomicio.h" @@ -759,6 +759,8 @@ sink(int argc, char **argv) *cp++ = ch; } while (cp < &buf[sizeof(buf) - 1] && ch != '\n'); *cp = 0; + if (verbose_mode) + fprintf(stderr, "Sink: %s", buf); if (buf[0] == '\01' || buf[0] == '\02') { if (iamremote == 0) @@ -822,6 +824,10 @@ sink(int argc, char **argv) size = size * 10 + (*cp++ - '0'); if (*cp++ != ' ') SCREWUP("size not delimited"); + if ((strchr(cp, '/') != NULL) || (strcmp(cp, "..") == 0)) { + run_err("error: unexpected filename: %s", cp); + exit(1); + } if (targisdir) { static char *namebuf; static int cursize; @@ -843,6 +849,8 @@ sink(int argc, char **argv) exists = stat(np, &stb) == 0; if (buf[0] == 'D') { int mod_flag = pflag; + if (!iamrecursive) + SCREWUP("received directory without -r"); if (exists) { if (!S_ISDIR(stb.st_mode)) { errno = ENOTDIR; -- 2.45.1