dropbear: Fix CVE-2020-36254
[openwrt/openwrt.git] / package / network / services / dropbear / patches / 001-fix-CVE-2020-36254.patch
1 From 8f8a3dff705fad774a10864a2e3dbcfa9779ceff Mon Sep 17 00:00:00 2001
2 From: Haelwenn Monnier <contact+github.com@hacktivis.me>
3 Date: Mon, 25 May 2020 14:54:29 +0200
4 Subject: [PATCH] scp.c: Port OpenSSH CVE-2018-20685 fix (#80)
5
6 ---
7 scp.c | 3 ++-
8 1 file changed, 2 insertions(+), 1 deletion(-)
9
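--- a/scp.c
+++ b/scp.c
@@ -935,7 +935,8 @@ sink(int argc, char **argv)
 size = size * 10 + (*cp++ - '0');
 if (*cp++ != ' ')
 SCREWUP("size not delimited");
- if ((strchr(cp, '/') != NULL) || (strcmp(cp, "..") == 0)) {
+ if (*cp == '\0' || strchr(cp, '/') != NULL ||
+ strcmp(cp, ".") == 0 || strcmp(cp, "..") == 0) {
 run_err("error: unexpected filename: %s", cp);
 exit(1);
 }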
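Review bot: The widened condition `if (*cp == '\0' || strchr(cp, '/') != NULL || ...` has no comment explaining why an empty name and "." are now refused, and that reason is the whole point of the fix. I would add above it something like `/* cp is the name sent by the remote peer: "", "." and ".." would refer to the target directory itself or its parent, and '/' would step outside it */`. The test is purely syntactic, so it does not show whether a name that passes is one the client actually requested; whether `sink` makes that comparison elsewhere cannot be seen here, since its body starts and ends outside the hunk. Separately, the unchanged `run_err("error: unexpected filename: %s", cp);` echoes the peer-supplied string as-is, so if `run_err` writes to the user's terminal it is worth confirming that control bytes are filtered first.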