HomeFreeBSD
Diffusion FreeBSD src repository afde5170533a

scp: validate filenames provided by server against wildcard in client
afde5170533a
Actions

Description

scp: validate filenames provided by server against wildcard in client

OpenSSH-portable commits:

check in scp client that filenames sent during remote->local directory
copies satisfy the wildcard specified by the user.

This checking provides some protection against a malicious server
sending unexpected filenames, but it comes at a risk of rejecting wanted
files due to differences between client and server wildcard expansion rules.

For this reason, this also adds a new -T flag to disable the check.

reported by Harry Sintonen
fix approach suggested by markus@;
has been in snaps for ~1wk courtesy deraadt@

OpenBSD-Commit-ID: 00f44b50d2be8e321973f3c6d014260f8f7a8eda

Minor patch conflict (getopt) resolved.

Obtained from: OpenSSH-portable 391ffc4b9d31fa1f4ad566499fef9176ff8a07dc

scp: add -T to usage();

OpenBSD-Commit-ID: a7ae14d9436c64e1bd05022329187ea3a0ce1899

Obtained from: OpenSSH-portable 2c21b75a7be6ebdcbceaebb43157c48dbb36f3d8

PR: 234965
Approved by: des
MFC after: 3 days
Obtained from: OpenSSH-portable 391ffc4b9d, 2c21b75a7b
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D19076

Details

Provenance
emasteAuthored on Feb 21 2019, 10:45 PM
Parents
rG85f19ec0ec26: Merge upstream 2c21b75a7be6ebdcbceaebb43157c48dbb36f3d8:
rGf10dc8380662: MFV: r344447
Branches
Unknown
Tags
Unknown

Event Timeline

Merged Changes

Changes (2)

PathSize
crypto/
openssh/

rGafde5170533a

View Options

crypto/openssh/scp.1

Loading...
View Options

crypto/openssh/scp.c

Loading...