diff options
| author | Darren Tucker <dtucker@zip.com.au> | 2004-04-19 23:50:16 +1000 |
|---|---|---|
| committer | Darren Tucker <dtucker@zip.com.au> | 2004-04-19 23:50:16 +1000 |
| commit | bddc2b0179ea35da7269d025c8f690593bff54b6 (patch) | |
| tree | caeaf06304f596fd8ef38fbb2e5b8e5faf44ed21 | |
| parent | d04121f0ab2fcefb4b77523c38f8babadbebe38d (diff) | |
- markus@cvs.openbsd.org 2004/04/01 12:19:57
[scp.c]
limit trust between local and remote rcp/scp process,
noticed by lcamtuf; ok deraadt@, djm@
| -rw-r--r-- | ChangeLog | 6 | ||||
| -rw-r--r-- | scp.c | 10 |
2 files changed, 14 insertions, 2 deletions
| @@ -12,6 +12,10 @@ | |||
| 12 | - djm@cvs.openbsd.org 2004/03/31 21:58:47 | 12 | - djm@cvs.openbsd.org 2004/03/31 21:58:47 |
| 13 | [canohost.c] | 13 | [canohost.c] |
| 14 | don't skip ip options check when UseDNS=no; ok markus@ (ID sync only) | 14 | don't skip ip options check when UseDNS=no; ok markus@ (ID sync only) |
| 15 | - markus@cvs.openbsd.org 2004/04/01 12:19:57 | ||
| 16 | [scp.c] | ||
| 17 | limit trust between local and remote rcp/scp process, | ||
| 18 | noticed by lcamtuf; ok deraadt@, djm@ | ||
| 15 | 19 | ||
| 16 | 20040418 | 20 | 20040418 |
| 17 | - (dtucker) [auth-pam.c] Log username and source host for failed PAM | 21 | - (dtucker) [auth-pam.c] Log username and source host for failed PAM |
| @@ -997,4 +1001,4 @@ | |||
| 997 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM | 1001 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM |
| 998 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu | 1002 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu |
| 999 | 1003 | ||
| 1000 | $Id: ChangeLog,v 1.3320 2004/04/19 12:16:53 dtucker Exp $ | 1004 | $Id: ChangeLog,v 1.3321 2004/04/19 13:50:16 dtucker Exp $ |
| @@ -71,7 +71,7 @@ | |||
| 71 | */ | 71 | */ |
| 72 | 72 | ||
| 73 | #include "includes.h" | 73 | #include "includes.h" |
| 74 | RCSID("$OpenBSD: scp.c,v 1.113 2003/11/23 23:21:21 djm Exp $"); | 74 | RCSID("$OpenBSD: scp.c,v 1.114 2004/04/01 12:19:57 markus Exp $"); |
| 75 | 75 | ||
| 76 | #include "xmalloc.h" | 76 | #include "xmalloc.h" |
| 77 | #include "atomicio.h" | 77 | #include "atomicio.h" |
| @@ -759,6 +759,8 @@ sink(int argc, char **argv) | |||
| 759 | *cp++ = ch; | 759 | *cp++ = ch; |
| 760 | } while (cp < &buf[sizeof(buf) - 1] && ch != '\n'); | 760 | } while (cp < &buf[sizeof(buf) - 1] && ch != '\n'); |
| 761 | *cp = 0; | 761 | *cp = 0; |
| 762 | if (verbose_mode) | ||
| 763 | fprintf(stderr, "Sink: %s", buf); | ||
| 762 | 764 | ||
| 763 | if (buf[0] == '\01' || buf[0] == '\02') { | 765 | if (buf[0] == '\01' || buf[0] == '\02') { |
| 764 | if (iamremote == 0) | 766 | if (iamremote == 0) |
| @@ -822,6 +824,10 @@ sink(int argc, char **argv) | |||
| 822 | size = size * 10 + (*cp++ - '0'); | 824 | size = size * 10 + (*cp++ - '0'); |
| 823 | if (*cp++ != ' ') | 825 | if (*cp++ != ' ') |
| 824 | SCREWUP("size not delimited"); | 826 | SCREWUP("size not delimited"); |
| 827 | if ((strchr(cp, '/') != NULL) || (strcmp(cp, "..") == 0)) { | ||
| 828 | run_err("error: unexpected filename: %s", cp); | ||
| 829 | exit(1); | ||
| 830 | } | ||
| 825 | if (targisdir) { | 831 | if (targisdir) { |
| 826 | static char *namebuf; | 832 | static char *namebuf; |
| 827 | static int cursize; | 833 | static int cursize; |
| @@ -843,6 +849,8 @@ sink(int argc, char **argv) | |||
| 843 | exists = stat(np, &stb) == 0; | 849 | exists = stat(np, &stb) == 0; |
| 844 | if (buf[0] == 'D') { | 850 | if (buf[0] == 'D') { |
| 845 | int mod_flag = pflag; | 851 | int mod_flag = pflag; |
| 852 | if (!iamrecursive) | ||
| 853 | SCREWUP("received directory without -r"); | ||
| 846 | if (exists) { | 854 | if (exists) { |
| 847 | if (!S_ISDIR(stb.st_mode)) { | 855 | if (!S_ISDIR(stb.st_mode)) { |
| 848 | errno = ENOTDIR; | 856 | errno = ENOTDIR; |