net/openssh/patches/0000-CVE-2018-20685.patch

   1 From 6010c0303a422a9c5fa8860c061bf7105eb7f8b2 Mon Sep 17 00:00:00 2001
   2 From: "djm@openbsd.org" <djm@openbsd.org>
   3 Date: Fri, 16 Nov 2018 03:03:10 +0000
   4 Subject: [PATCH] upstream: disallow empty incoming filename or ones that refer
   5  to the
   6
   7 current directory; based on report/patch from Harry Sintonen
   8
   9 OpenBSD-Commit-ID: f27651b30eaee2df49540ab68d030865c04f6de9
  10 ---
  11  scp.c | 5 +++--
  12  1 file changed, 3 insertions(+), 2 deletions(-)
  13
  14 diff --git a/scp.c b/scp.c
  15 index 60682c687..4f3fdcd3d 100644
  16 --- a/scp.c
  17 +++ b/scp.c
  18 @@ -1,4 +1,4 @@
  19 -/* $OpenBSD: scp.c,v 1.197 2018/06/01 04:31:48 dtucker Exp $ */
  20 +/* $OpenBSD: scp.c,v 1.198 2018/11/16 03:03:10 djm Exp $ */
  21  /*
  22   * scp - secure remote copy.  This is basically patched BSD rcp which
  23   * uses ssh to do the data transfer (instead of using rcmd).
  24 @@ -1106,7 +1106,8 @@ sink(int argc, char **argv)
  25                         SCREWUP("size out of range");
  26                 size = (off_t)ull;
  27
  28 -               if ((strchr(cp, '/') != NULL) || (strcmp(cp, "..") == 0)) {
  29 +               if (*cp == '\0' || strchr(cp, '/') != NULL ||
  30 +                   strcmp(cp, ".") == 0 || strcmp(cp, "..") == 0) {
  31                         run_err("error: unexpected filename: %s", cp);
  32                         exit(1);
  33                 }