tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

upstream commit 

Avoid potential signed int overflow when parsing the file
size. Use strtoul() instead of parsing manually.  OK djm@

Upstream-ID: 1f82640861c7d905bbb05e7d935d46b0419ced02
This commit is contained in:
millert@openbsd.org 2017-04-27 11:53:12 +00:00 committed by Damien Miller
parent 17a54a03f5
commit 91bd218186
1 changed files with 9 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
scp.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: scp.c,v 1.187 2016/09/12 01:22:38 deraadt Exp $ */
/* $OpenBSD: scp.c,v 1.188 2017/04/27 11:53:12 millert Exp $ */
/*
* scp - secure remote copy. This is basically patched BSD rcp which
* uses ssh to do the data transfer (instead of using rcmd).
@ -1043,10 +1043,15 @@ sink(int argc, char **argv)
if (*cp++ != ' ')
SCREWUP("mode not delimited");
for (size = 0; isdigit((unsigned char)*cp);)
size = size * 10 + (*cp++ - '0');
if (*cp++ != ' ')
if (!isdigit((unsigned char)*cp))
SCREWUP("size not present");
ull = strtoull(cp, &cp, 10);
if (!cp || *cp++ != ' ')
SCREWUP("size not delimited");
if ((off_t)ull < 0 || (unsigned long long)(off_t)ull != ull)
SCREWUP("size out of range");
size = (off_t)ull;
if ((strchr(cp, '/') != NULL) || (strcmp(cp, "..") == 0)) {
run_err("error: unexpected filename: %s", cp);
exit(1);