Permalink
Browse files

Bug 1675: Prevent SCP server sending files that were not requested

https://winscp.net/tracker/1675

Source commit: 4aa587620973bf793fb6e783052277c0f7be4b55
  • Loading branch information...
martinprikryl committed Sep 3, 2018
1 parent ec5977b commit 49d876f2c5fc00bcedaa986a7cf6dedd6bf16f54
Showing with 6 additions and 0 deletions.
  1. +4 −0 source/core/ScpFileSystem.cpp
  2. +1 −0 source/resource/TextsCore.h
  3. +1 −0 source/resource/TextsCore1.rc
@@ -2361,6 +2361,10 @@ void __fastcall TSCPFileSystem::SCPSink(const UnicodeString TargetDir,
{
FTerminal->LogEvent(FORMAT(L"Warning: Remote host set a compound pathname '%s'", (Line)));
}
if ((Level == 0) && (OnlyFileName != UnixExtractFileName(FileName)))
{
SCPError(LoadStr(UNREQUESTED_FILE), False);
}

FullFileName = SourceDir + OnlyFileName;
OperationProgress->SetFile(FullFileName);
@@ -270,6 +270,7 @@
#define S3_STATUS_ACCESS_DENIED 746
#define UNKNOWN_FILE_ENCRYPTION 747
#define INVALID_ENCRYPT_KEY 748
#define UNREQUESTED_FILE 749

#define CORE_CONFIRMATION_STRINGS 300
#define CONFIRM_PROLONG_TIMEOUT3 301
@@ -241,6 +241,7 @@ BEGIN
MISSING_TARGET_BUCKET, "Specify target bucket."
UNKNOWN_FILE_ENCRYPTION, "File is not encrypted using a known encryption."
INVALID_ENCRYPT_KEY, "**Invalid encryption key.**\n\nEncryption key for %s encryption must have %d bytes. It must be entered in hexadecimal representation (i.e. %d characters)."
UNREQUESTED_FILE, "Server sent a file that was not requested."

CORE_CONFIRMATION_STRINGS, "CORE_CONFIRMATION"
CONFIRM_PROLONG_TIMEOUT3, "Host is not communicating for %d seconds.\n\nWait for another %0:d seconds?"

0 comments on commit 49d876f

Please sign in to comment.