scp.c: Port OpenSSH CVE-2018-20685 fix (#80)

author: Haelwenn Monnier <contact+github.com@hacktivis.me> 2020-05-25 14:54:29 +0200
committer: Haelwenn Monnier <contact+github.com@hacktivis.me> 2020-05-25 14:54:29 +0200
commit: 8989e92cf4cfcd20348b76372347eb6cac58a2c7 (patch)
tree: 5bfd58f8c286b3ca300a98cb1e1a2293dc020b49
parent: 3248a7fe2a0bfdb5e58c3a8512e23704cb16bf14 (diff)
download: dropbear-8989e92cf4cfcd20348b76372347eb6cac58a2c7.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/scp.c b/scp.c
index 742ae00..7b8e7d2 100644
--- a/scp.c
+++ b/scp.c
@@ -935,7 +935,8 @@ sink(int argc, char **argv)
 			size = size * 10 + (*cp++ - '0');
 		if (*cp++ != ' ')
 			SCREWUP("size not delimited");
-		if ((strchr(cp, '/') != NULL) || (strcmp(cp, "..") == 0)) {
+		if (*cp == '\0' || strchr(cp, '/') != NULL ||
+		    strcmp(cp, ".") == 0 || strcmp(cp, "..") == 0) {
 			run_err("error: unexpected filename: %s", cp);
 			exit(1);
 		}
author	Haelwenn Monnier <contact+github.com@hacktivis.me>	2020-05-25 14:54:29 +0200
committer	Haelwenn Monnier <contact+github.com@hacktivis.me>	2020-05-25 14:54:29 +0200
commit	8989e92cf4cfcd20348b76372347eb6cac58a2c7 (patch)
tree	5bfd58f8c286b3ca300a98cb1e1a2293dc020b49
parent	3248a7fe2a0bfdb5e58c3a8512e23704cb16bf14 (diff)
download	dropbear-8989e92cf4cfcd20348b76372347eb6cac58a2c7.tar.gz