From d366f891b12ce2802752fe6cde1e39e5003eb656 Mon Sep 17 00:00:00 2001 From: Ed Maste Date: Tue, 15 Jan 2019 15:35:14 +0000 Subject: [PATCH] scp: disallow empty or current directory Obtained from: OpenBSD scp.c 1.198 Security: CVE-2018-20685 Sponsored by: The FreeBSD Foundation --- crypto/openssh/scp.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/crypto/openssh/scp.c b/crypto/openssh/scp.c index 60682c68769b..817880206684 100644 --- a/crypto/openssh/scp.c +++ b/crypto/openssh/scp.c @@ -1106,7 +1106,8 @@ sink(int argc, char **argv) SCREWUP("size out of range"); size = (off_t)ull; - if ((strchr(cp, '/') != NULL) || (strcmp(cp, "..") == 0)) { + if (*cp == '\0' || strchr(cp, '/') != NULL || + strcmp(cp, ".") == 0 || strcmp(cp, "..") == 0) { run_err("error: unexpected filename: %s", cp); exit(1); }