Skip to content
Permalink
Browse files Browse the repository at this point in the history
scp.c: Port OpenSSH CVE-2018-20685 fix (#80)
  • Loading branch information
lanodan committed May 25, 2020
1 parent 90cfbe1 commit 8f8a3df
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion scp.c
Expand Up @@ -935,7 +935,8 @@ sink(int argc, char **argv)
size = size * 10 + (*cp++ - '0');
if (*cp++ != ' ')
SCREWUP("size not delimited");
if ((strchr(cp, '/') != NULL) || (strcmp(cp, "..") == 0)) {
if (*cp == '\0' || strchr(cp, '/') != NULL ||
strcmp(cp, ".") == 0 || strcmp(cp, "..") == 0) {
run_err("error: unexpected filename: %s", cp);
exit(1);
}
Expand Down

1 comment on commit 8f8a3df

@carnil
Copy link

@carnil carnil commented on 8f8a3df Feb 25, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This has a separate CVE id assigned (CVE-2020-36254)

Please sign in to comment.