Skip to content

Commit 6010c03

Browse files
committed
upstream: disallow empty incoming filename or ones that refer to the
current directory; based on report/patch from Harry Sintonen OpenBSD-Commit-ID: f27651b30eaee2df49540ab68d030865c04f6de9
1 parent aaed635 commit 6010c03

File tree

1 file changed

+3
-2
lines changed

1 file changed

+3
-2
lines changed

Diff for: scp.c

+3-2
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
/* $OpenBSD: scp.c,v 1.197 2018/06/01 04:31:48 dtucker Exp $ */
1+
/* $OpenBSD: scp.c,v 1.198 2018/11/16 03:03:10 djm Exp $ */
22
/*
33
* scp - secure remote copy. This is basically patched BSD rcp which
44
* uses ssh to do the data transfer (instead of using rcmd).
@@ -1106,7 +1106,8 @@ sink(int argc, char **argv)
11061106
SCREWUP("size out of range");
11071107
size = (off_t)ull;
11081108

1109-
if ((strchr(cp, '/') != NULL) || (strcmp(cp, "..") == 0)) {
1109+
if (*cp == '\0' || strchr(cp, '/') != NULL ||
1110+
strcmp(cp, ".") == 0 || strcmp(cp, "..") == 0) {
11101111
run_err("error: unexpected filename: %s", cp);
11111112
exit(1);
11121113
}

0 commit comments

Comments
 (0)