diff options
| -rw-r--r-- | sftp-client.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/sftp-client.c b/sftp-client.c index d47be0ea5..a6e832270 100644 --- a/sftp-client.c +++ b/sftp-client.c | |||
| @@ -67,6 +67,13 @@ extern int showprogress; | |||
| 67 | /* Maximum depth to descend in directory trees */ | 67 | /* Maximum depth to descend in directory trees */ |
| 68 | #define MAX_DIR_DEPTH 64 | 68 | #define MAX_DIR_DEPTH 64 |
| 69 | 69 | ||
| 70 | /* Directory separator characters */ | ||
| 71 | #ifdef HAVE_CYGWIN | ||
| 72 | # define SFTP_DIRECTORY_CHARS "/\\" | ||
| 73 | #else /* HAVE_CYGWIN */ | ||
| 74 | # define SFTP_DIRECTORY_CHARS "/" | ||
| 75 | #endif /* HAVE_CYGWIN */ | ||
| 76 | |||
| 70 | struct sftp_conn { | 77 | struct sftp_conn { |
| 71 | int fd_in; | 78 | int fd_in; |
| 72 | int fd_out; | 79 | int fd_out; |
| @@ -619,7 +626,7 @@ do_lsreaddir(struct sftp_conn *conn, const char *path, int print_flag, | |||
| 619 | * These can be used to attack recursive ops | 626 | * These can be used to attack recursive ops |
| 620 | * (e.g. send '../../../../etc/passwd') | 627 | * (e.g. send '../../../../etc/passwd') |
| 621 | */ | 628 | */ |
| 622 | if (strchr(filename, '/') != NULL) { | 629 | if (strpbrk(filename, SFTP_DIRECTORY_CHARS) != NULL) { |
| 623 | error("Server sent suspect path \"%s\" " | 630 | error("Server sent suspect path \"%s\" " |
| 624 | "during readdir of \"%s\"", filename, path); | 631 | "during readdir of \"%s\"", filename, path); |
| 625 | } else if (dir) { | 632 | } else if (dir) { |