diff options
Diffstat (limited to 'scp.c')
-rw-r--r-- | scp.c | 23 |
1 files changed, 15 insertions, 8 deletions
@@ -75,7 +75,7 @@ | |||
75 | */ | 75 | */ |
76 | 76 | ||
77 | #include "includes.h" | 77 | #include "includes.h" |
78 | RCSID("$OpenBSD: scp.c,v 1.100 2003/01/23 14:06:15 markus Exp $"); | 78 | RCSID("$OpenBSD: scp.c,v 1.101 2003/02/02 10:51:13 markus Exp $"); |
79 | 79 | ||
80 | #include "xmalloc.h" | 80 | #include "xmalloc.h" |
81 | #include "atomicio.h" | 81 | #include "atomicio.h" |
@@ -370,8 +370,6 @@ toremote(targ, argc, argv) | |||
370 | tuser = argv[argc - 1]; | 370 | tuser = argv[argc - 1]; |
371 | if (*tuser == '\0') | 371 | if (*tuser == '\0') |
372 | tuser = NULL; | 372 | tuser = NULL; |
373 | else if (!okname(tuser)) | ||
374 | exit(1); | ||
375 | } else { | 373 | } else { |
376 | thost = argv[argc - 1]; | 374 | thost = argv[argc - 1]; |
377 | tuser = NULL; | 375 | tuser = NULL; |
@@ -399,6 +397,8 @@ toremote(targ, argc, argv) | |||
399 | suser = pwd->pw_name; | 397 | suser = pwd->pw_name; |
400 | else if (!okname(suser)) | 398 | else if (!okname(suser)) |
401 | continue; | 399 | continue; |
400 | if (tuser && !okname(tuser)) | ||
401 | continue; | ||
402 | snprintf(bp, len, | 402 | snprintf(bp, len, |
403 | "%s%s %s -n " | 403 | "%s%s %s -n " |
404 | "-l %s %s %s %s '%s%s%s:%s'", | 404 | "-l %s %s %s %s '%s%s%s:%s'", |
@@ -472,8 +472,6 @@ tolocal(argc, argv) | |||
472 | suser = argv[i]; | 472 | suser = argv[i]; |
473 | if (*suser == '\0') | 473 | if (*suser == '\0') |
474 | suser = pwd->pw_name; | 474 | suser = pwd->pw_name; |
475 | else if (!okname(suser)) | ||
476 | continue; | ||
477 | } | 475 | } |
478 | host = cleanhostname(host); | 476 | host = cleanhostname(host); |
479 | len = strlen(src) + CMDNEEDS + 20; | 477 | len = strlen(src) + CMDNEEDS + 20; |
@@ -1085,9 +1083,18 @@ okname(cp0) | |||
1085 | c = (int)*cp; | 1083 | c = (int)*cp; |
1086 | if (c & 0200) | 1084 | if (c & 0200) |
1087 | goto bad; | 1085 | goto bad; |
1088 | if (!isalpha(c) && !isdigit(c) && | 1086 | if (!isalpha(c) && !isdigit(c)) { |
1089 | c != '@' && c != '_' && c != '-' && c != '.' && c != '+') | 1087 | switch (c) { |
1090 | goto bad; | 1088 | case '\'': |
1089 | case '"': | ||
1090 | case '`': | ||
1091 | case ' ': | ||
1092 | case '#': | ||
1093 | goto bad; | ||
1094 | default: | ||
1095 | break; | ||
1096 | } | ||
1097 | } | ||
1091 | } while (*++cp); | 1098 | } while (*++cp); |
1092 | return (1); | 1099 | return (1); |
1093 | 1100 | ||