summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBen Lindstrom <mouring@eviladmin.org>2001-10-03 17:30:58 +0000
committerBen Lindstrom <mouring@eviladmin.org>2001-10-03 17:30:58 +0000
commit3e45e4cd003fd9aa5ae1556afd4ba405904b761f (patch)
treeaa82d0a7f836a217947fe4fe0442157139fff4ef
parent83f07d19544b3acc2fb4d3b2b8640c5e5c7ae9d4 (diff)
- markus@cvs.openbsd.org 2001/10/01 08:06:28
[scp.c] skip filenames containing \n; report jdamery@chiark.greenend.org.uk and matthew@debian.org
-rw-r--r--ChangeLog6
-rw-r--r--scp.c7
2 files changed, 11 insertions, 2 deletions
diff --git a/ChangeLog b/ChangeLog
index 8985539ee..5c504ee5b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -20,6 +20,10 @@
20 - markus@cvs.openbsd.org 2001/09/28 15:46:29 20 - markus@cvs.openbsd.org 2001/09/28 15:46:29
21 [ssh.c] 21 [ssh.c]
22 bug: read user config first; report kaukasoi@elektroni.ee.tut.fi 22 bug: read user config first; report kaukasoi@elektroni.ee.tut.fi
23 - markus@cvs.openbsd.org 2001/10/01 08:06:28
24 [scp.c]
25 skip filenames containing \n; report jdamery@chiark.greenend.org.uk
26 and matthew@debian.org
23 27
2420011001 2820011001
25 - (stevesk) loginrec.c: fix type conversion problems exposed when using 29 - (stevesk) loginrec.c: fix type conversion problems exposed when using
@@ -6612,4 +6616,4 @@
6612 - Wrote replacements for strlcpy and mkdtemp 6616 - Wrote replacements for strlcpy and mkdtemp
6613 - Released 1.0pre1 6617 - Released 1.0pre1
6614 6618
6615$Id: ChangeLog,v 1.1575 2001/10/03 17:22:29 mouring Exp $ 6619$Id: ChangeLog,v 1.1576 2001/10/03 17:30:58 mouring Exp $
diff --git a/scp.c b/scp.c
index e603646b6..b5cb541b4 100644
--- a/scp.c
+++ b/scp.c
@@ -75,7 +75,7 @@
75 */ 75 */
76 76
77#include "includes.h" 77#include "includes.h"
78RCSID("$OpenBSD: scp.c,v 1.84 2001/09/19 19:24:19 stevesk Exp $"); 78RCSID("$OpenBSD: scp.c,v 1.85 2001/10/01 08:06:28 markus Exp $");
79 79
80#include "xmalloc.h" 80#include "xmalloc.h"
81#include "atomicio.h" 81#include "atomicio.h"
@@ -503,6 +503,11 @@ source(argc, argv)
503 len = strlen(name); 503 len = strlen(name);
504 while (len > 1 && name[len-1] == '/') 504 while (len > 1 && name[len-1] == '/')
505 name[--len] = '\0'; 505 name[--len] = '\0';
506 if (strchr(name, '\n') != NULL) {
507 run_err("%s: skipping, filename contains a newline",
508 name);
509 goto next;
510 }
506 if ((fd = open(name, O_RDONLY, 0)) < 0) 511 if ((fd = open(name, O_RDONLY, 0)) < 0)
507 goto syserr; 512 goto syserr;
508 if (fstat(fd, &stb) < 0) { 513 if (fstat(fd, &stb) < 0) {