aboutsummaryrefslogblamecommitdiffstats
path: root/main/dropbear/CVE-2018-20685.patch
blob: a8ea2af85b4dbcf22782db19e4c722b7f04cd815 (plain) (tree)






















                                                                           
From 8f8a3dff705fad774a10864a2e3dbcfa9779ceff Mon Sep 17 00:00:00 2001
From: Haelwenn Monnier <contact+github.com@hacktivis.me>
Date: Mon, 25 May 2020 14:54:29 +0200
Subject: [PATCH] scp.c: Port OpenSSH CVE-2018-20685 fix (#80)

---
 scp.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/scp.c b/scp.c
index 742ae00f..7b8e7d22 100644
--- a/scp.c
+++ b/scp.c
@@ -935,7 +935,8 @@ sink(int argc, char **argv)
 			size = size * 10 + (*cp++ - '0');
 		if (*cp++ != ' ')
 			SCREWUP("size not delimited");
-		if ((strchr(cp, '/') != NULL) || (strcmp(cp, "..") == 0)) {
+		if (*cp == '\0' || strchr(cp, '/') != NULL ||
+		    strcmp(cp, ".") == 0 || strcmp(cp, "..") == 0) {
 			run_err("error: unexpected filename: %s", cp);
 			exit(1);
 		}