diff options
author | djm@openbsd.org <djm@openbsd.org> | 2019-01-26 22:41:28 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2019-02-08 16:39:38 +0000 |
commit | 125924e47db3713a85a70e0f8d6c23818d2ea054 (patch) | |
tree | c8427bede4b2f4577f27250dbd84c8f8c50928de /regress/unittests/kex/tests.c | |
parent | 2a8f710447442e9a03e71c022859112ec2d77d17 (diff) |
upstream: check in scp client that filenames sent during
remote->local directory copies satisfy the wildcard specified by the user.
This checking provides some protection against a malicious server
sending unexpected filenames, but it comes at a risk of rejecting wanted
files due to differences between client and server wildcard expansion rules.
For this reason, this also adds a new -T flag to disable the check.
reported by Harry Sintonen
fix approach suggested by markus@;
has been in snaps for ~1wk courtesy deraadt@
OpenBSD-Commit-ID: 00f44b50d2be8e321973f3c6d014260f8f7a8eda
CVE-2019-6111
Origin: backport, https://anongit.mindrot.org/openssh.git/commit/?id=391ffc4b9d31fa1f4ad566499fef9176ff8a07dc
Last-Update: 2019-02-08
Patch-Name: check-filenames-in-scp-client.patch
Diffstat (limited to 'regress/unittests/kex/tests.c')
0 files changed, 0 insertions, 0 deletions