[openssh-commits] [openssh] 01/01: on Cygwin, check paths from server for backslashes
git+noreply at mindrot.org
Mon Mar 20 12:01:02 AEDT 2017
This is an automated email from the git hooks/post-receive script.
djm pushed a commit to branch master
in repository openssh.
commit 89f04852db27643717c9c3a2b0dde97ae50099ee
Author: Damien Miller <djm at mindrot.org>
Date: Mon Mar 20 11:53:34 2017 +1100
on Cygwin, check paths from server for backslashes
Pointed out by Jann Horn of Google Project Zero
---
sftp-client.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/sftp-client.c b/sftp-client.c
index d47be0e..a6e8322 100644
--- a/sftp-client.c
+++ b/sftp-client.c
@@ -67,6 +67,13 @@ extern int showprogress;
/* Maximum depth to descend in directory trees */
#define MAX_DIR_DEPTH 64
+/* Directory separator characters */
+#ifdef HAVE_CYGWIN
+# define SFTP_DIRECTORY_CHARS "/\\"
+#else /* HAVE_CYGWIN */
+# define SFTP_DIRECTORY_CHARS "/"
+#endif /* HAVE_CYGWIN */
+
struct sftp_conn {
int fd_in;
int fd_out;
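Review bot: The comment above the `#ifdef HAVE_CYGWIN` block ("Directory separator characters") does not say why the set differs per platform or that the macro exists to screen names received from the server. A one-line addition, for example noting that Cygwin also treats '\' as a path separator so server-supplied names must be checked for it, would keep a later reader from treating the backslash as a stray character and dropping it. The `#else` and `#endif` trailers are consistent with each other and need no change.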
@@ -619,7 +626,7 @@ do_lsreaddir(struct sftp_conn *conn, const char *path, int print_flag,
* These can be used to attack recursive ops
* (e.g. send '../../../../etc/passwd')
*/
- if (strchr(filename, '/') != NULL) {
+ if (strpbrk(filename, SFTP_DIRECTORY_CHARS) != NULL) {
error("Server sent suspect path \"%s\" "
"during readdir of \"%s\"", filename, path);
} else if (dir) {
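Review bot: The block comment directly above the changed test still illustrates the risk only with a forward-slash path ('../../../../etc/passwd'), while the test now rejects anything in SFTP_DIRECTORY_CHARS; the comment should mention that a backslash is also rejected on Cygwin so that comment and code agree. Separately, the diffstat shows a single deletion, so this is the only call site converted from `strchr(filename, '/')` to `strpbrk`. It is worth confirming that no other place in sftp-client.c that handles server-supplied names still compares against '/' alone. The visible test also only looks for separator characters, so a name without one passes through to the `else if (dir)` branch unchanged, as it did before this change.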