Mercurial > dropbear
comparison scp.c @ 1669:3080aed32bf1
scp.c: Port OpenSSH CVE-2018-20685 fix (#80)
| author | Haelwenn Monnier <contact+github.com@hacktivis.me> |
|---|---|
| date | Mon, 25 May 2020 14:54:29 +0200 |
| parents | 750ec4ec4cbe |
| children | 401d7d8c8a79 |
comparison
equal
deleted
inserted
replaced
| 1668:49cb3cf4bd6f | 1669:3080aed32bf1 |
|---|---|
| 933 | 933 |
| 934 for (size = 0; isdigit(*cp);) | 934 for (size = 0; isdigit(*cp);) |
| 935 size = size * 10 + (*cp++ - '0'); | 935 size = size * 10 + (*cp++ - '0'); |
| 936 if (*cp++ != ' ') | 936 if (*cp++ != ' ') |
| 937 SCREWUP("size not delimited"); | 937 SCREWUP("size not delimited"); |
| 938 if ((strchr(cp, '/') != NULL) || (strcmp(cp, "..") == 0)) { | 938 if (*cp == '\0' || strchr(cp, '/') != NULL || |
| 939 strcmp(cp, ".") == 0 || strcmp(cp, "..") == 0) { | |
| 939 run_err("error: unexpected filename: %s", cp); | 940 run_err("error: unexpected filename: %s", cp); |
| 940 exit(1); | 941 exit(1); |
| 941 } | 942 } |
| 942 if (targisdir) { | 943 if (targisdir) { |
| 943 static char *namebuf = NULL; | 944 static char *namebuf = NULL; |