authorDarren Tucker <dtucker@zip.com.au>2004-04-19 23:50:16 +1000
committerDarren Tucker <dtucker@zip.com.au>2004-04-19 23:50:16 +1000
commitbddc2b0179ea35da7269d025c8f690593bff54b6 (patch)
treecaeaf06304f596fd8ef38fbb2e5b8e5faf44ed21 /scp.c
parentd04121f0ab2fcefb4b77523c38f8babadbebe38d (diff)
- markus@cvs.openbsd.org 2004/04/01 12:19:57
[scp.c] limit trust between local and remote rcp/scp process, noticed by lcamtuf; ok deraadt@, djm@
Diffstat (limited to 'scp.c')
-rw-r--r--scp.c10
1 files changed, 9 insertions, 1 deletions
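--- a/scp.c
+++ b/scp.c
@@ -71,7 +71,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: scp.c,v 1.113 2003/11/23 23:21:21 djm Exp $");
+RCSID("$OpenBSD: scp.c,v 1.114 2004/04/01 12:19:57 markus Exp $");
 
 #include "xmalloc.h"
 #include "atomicio.h"
@@ -759,6 +759,8 @@ sink(int argc, char **argv)
  *cp++ = ch;
  } while (cp < &buf[sizeof(buf) - 1] && ch != '\n');
  *cp = 0;
+ if (verbose_mode)
+ fprintf(stderr, "Sink: %s", buf);
 
  if (buf[0] == '\01' || buf[0] == '\02') {
  if (iamremote == 0)
@@ -822,6 +824,10 @@ sink(int argc, char **argv)
  size = size * 10 + (*cp++ - '0');
  if (*cp++ != ' ')
  SCREWUP("size not delimited");
+ if ((strchr(cp, '/') != NULL) || (strcmp(cp, "..") == 0)) {
+ run_err("error: unexpected filename: %s", cp);
+ exit(1);
+ }
  if (targisdir) {
  static char *namebuf;
  static int cursize;
@@ -843,6 +849,8 @@ sink(int argc, char **argv)
  exists = stat(np, &stb) == 0;
  if (buf[0] == 'D') {
  int mod_flag = pflag;
+ if (!iamrecursive)
+ SCREWUP("received directory without -r");
  if (exists) {
  if (!S_ISDIR(stb.st_mode)) {
  errno = ENOTDIR;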
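Review bot: The filename check added at new lines 827-830 still accepts an empty name and `.`, since it rejects only names containing `/` and the exact string `..`. For a `D` record either value appears to make `np` refer to the target directory itself, so the mode supplied by the peer could end up applied to it by code past the end of this hunk; I would extend the test to `if (*cp == '\0' || strchr(cp, '/') != NULL || strcmp(cp, ".") == 0 || strcmp(cp, "..") == 0) {`. Separately, the new `Sink:` trace at 762-763 writes peer-supplied bytes to stderr unfiltered, so control characters in `buf` reach the user's terminal in verbose mode; encoding non-printable bytes before printing would avoid that. sink() begins and ends outside the visible hunks, so the downstream use of `np` is inferred rather than shown here.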