blob: 64d0d96486c1f8ef3198548b7c7d5aabbe6d1880 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
|
From c96c48d62aefc372f2105293ddf8cff2d116dc3a Mon Sep 17 00:00:00 2001
From: Haelwenn Monnier <contact+github.com@hacktivis.me>
Date: Mon, 25 May 2020 14:54:29 +0200
Subject: [PATCH] scp.c: Port OpenSSH CVE-2018-20685 fix (#80)
Reference:
https://github.com/mkj/dropbear/commit/8f8a3dff705fad774a10864a2e3dbcfa9779ceff
CVE: CVE-2020-36254
Upstream-Status: Backport
---
scp.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/scp.c b/scp.c
index 742ae00..7b8e7d2 100644
--- a/scp.c
+++ b/scp.c
@@ -935,7 +935,8 @@ sink(int argc, char **argv)
size = size * 10 + (*cp++ - '0');
if (*cp++ != ' ')
SCREWUP("size not delimited");
- if ((strchr(cp, '/') != NULL) || (strcmp(cp, "..") == 0)) {
+ if (*cp == '\0' || strchr(cp, '/') != NULL ||
+ strcmp(cp, ".") == 0 || strcmp(cp, "..") == 0) {
run_err("error: unexpected filename: %s", cp);
exit(1);
}
|