[scp.c]
     limit trust between local and remote rcp/scp process,
     noticed by lcamtuf; ok deraadt@, djm@
Darren Tucker 2004-04-19 23:50:16 +10:00
parent d04121f0ab
commit bddc2b0179
2 changed files with 14 additions and 2 deletions


@ -12,6 +12,10 @@
- djm@cvs.openbsd.org 2004/03/31 21:58:47 - djm@cvs.openbsd.org 2004/03/31 21:58:47
[canohost.c] [canohost.c]
don't skip ip options check when UseDNS=no; ok markus@ (ID sync only) don't skip ip options check when UseDNS=no; ok markus@ (ID sync only)
- markus@cvs.openbsd.org 2004/04/01 12:19:57
[scp.c]
limit trust between local and remote rcp/scp process,
noticed by lcamtuf; ok deraadt@, djm@
20040418 20040418
- (dtucker) [auth-pam.c] Log username and source host for failed PAM - (dtucker) [auth-pam.c] Log username and source host for failed PAM
@ -997,4 +1001,4 @@
- (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Trim deprecated options from INSTALL. Mention UsePAM
- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
$Id: ChangeLog,v 1.3320 2004/04/19 12:16:53 dtucker Exp $ $Id: ChangeLog,v 1.3321 2004/04/19 13:50:16 dtucker Exp $

10
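--- a/scp.c
+++ b/scp.c
@@ -71,7 +71,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: scp.c,v 1.113 2003/11/23 23:21:21 djm Exp $");
+RCSID("$OpenBSD: scp.c,v 1.114 2004/04/01 12:19:57 markus Exp $");
 #include "xmalloc.h"
 #include "atomicio.h"
@@ -759,6 +759,8 @@ sink(int argc, char **argv)
 *cp++ = ch;
 } while (cp < &buf[sizeof(buf) - 1] && ch != '\n');
 *cp = 0;
+if (verbose_mode)
+fprintf(stderr, "Sink: %s", buf);
 if (buf[0] == '\01' || buf[0] == '\02') {
 if (iamremote == 0)
@@ -822,6 +824,10 @@ sink(int argc, char **argv)
 size = size * 10 + (*cp++ - '0');
 if (*cp++ != ' ')
 SCREWUP("size not delimited");
+if ((strchr(cp, '/') != NULL) || (strcmp(cp, "..") == 0)) {
+run_err("error: unexpected filename: %s", cp);
+exit(1);
+}
 if (targisdir) {
 static char *namebuf;
 static int cursize;
@@ -843,6 +849,8 @@ sink(int argc, char **argv)
 exists = stat(np, &stb) == 0;
 if (buf[0] == 'D') {
 int mod_flag = pflag;
+if (!iamrecursive)
+SCREWUP("received directory without -r");
 if (exists) {
 if (!S_ISDIR(stb.st_mode)) {
 errno = ENOTDIR;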
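Review bot: The filename check added in the hunk at -822 still accepts an empty name and `.`, because it rejects only names containing `/` and the exact string `..`. If the peer-supplied name is then joined to the target directory in the `targisdir` branch that follows (the join itself is outside the hunk), such a name would appear to resolve to the target directory itself, so a `D` record could act on that directory rather than on an entry beneath it. I would widen the guard to `if (*cp == '\0' || strchr(cp, '/') != NULL || strcmp(cp, ".") == 0 || strcmp(cp, "..") == 0) {` and keep the existing `run_err`/`exit(1)` body. The body of sink() starts and ends outside these hunks, so how `np` is used after the check should be confirmed against the full function.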