mirror of
git://anongit.mindrot.org/openssh.git
synced 2025-01-11 20:29:32 +00:00
- markus@cvs.openbsd.org 2003/02/02 10:51:13
[scp.c]
call okname() only when using system(3) for remote-remote copy;
fixes bugs #483, #472; ok deraadt@, mouring@
This commit is contained in:
Damien Miller
parent
ffadc583f6
commit
eeeeb3517e
@ -20,6 +20,10 @@
|
|||||||
[sshd.8]
|
[sshd.8]
|
||||||
typos; sshd(8): help and ok markus@
|
typos; sshd(8): help and ok markus@
|
||||||
help and ok millert@
|
help and ok millert@
|
||||||
|
- markus@cvs.openbsd.org 2003/02/02 10:51:13
|
||||||
|
[scp.c]
|
||||||
|
call okname() only when using system(3) for remote-remote copy;
|
||||||
|
fixes bugs #483, #472; ok deraadt@, mouring@
|
||||||
|
|
||||||
20030211
|
20030211
|
||||||
- (djm) Cygwin needs libcrypt too. Patch from vinschen@redhat.com
|
- (djm) Cygwin needs libcrypt too. Patch from vinschen@redhat.com
|
||||||
@ -1120,4 +1124,4 @@
|
|||||||
save auth method before monitor_reset_key_state(); bugzilla bug #284;
|
save auth method before monitor_reset_key_state(); bugzilla bug #284;
|
||||||
ok provos@
|
ok provos@
|
||||||
|
|
||||||
$Id: ChangeLog,v 1.2598 2003/02/24 00:52:26 djm Exp $
|
$Id: ChangeLog,v 1.2599 2003/02/24 00:52:58 djm Exp $
|
||||||
|
|||||||
21
scp.c
21
scp.c
@ -75,7 +75,7 @@
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$OpenBSD: scp.c,v 1.100 2003/01/23 14:06:15 markus Exp $");
|
RCSID("$OpenBSD: scp.c,v 1.101 2003/02/02 10:51:13 markus Exp $");
|
||||||
|
|
||||||
#include "xmalloc.h"
|
#include "xmalloc.h"
|
||||||
#include "atomicio.h"
|
#include "atomicio.h"
|
||||||
@ -370,8 +370,6 @@ toremote(targ, argc, argv)
|
|||||||
tuser = argv[argc - 1];
|
tuser = argv[argc - 1];
|
||||||
if (*tuser == '\0')
|
if (*tuser == '\0')
|
||||||
tuser = NULL;
|
tuser = NULL;
|
||||||
else if (!okname(tuser))
|
|
||||||
exit(1);
|
|
||||||
} else {
|
} else {
|
||||||
thost = argv[argc - 1];
|
thost = argv[argc - 1];
|
||||||
tuser = NULL;
|
tuser = NULL;
|
||||||
@ -399,6 +397,8 @@ toremote(targ, argc, argv)
|
|||||||
suser = pwd->pw_name;
|
suser = pwd->pw_name;
|
||||||
else if (!okname(suser))
|
else if (!okname(suser))
|
||||||
continue;
|
continue;
|
||||||
|
if (tuser && !okname(tuser))
|
||||||
|
continue;
|
||||||
snprintf(bp, len,
|
snprintf(bp, len,
|
||||||
"%s%s %s -n "
|
"%s%s %s -n "
|
||||||
"-l %s %s %s %s '%s%s%s:%s'",
|
"-l %s %s %s %s '%s%s%s:%s'",
|
||||||
@ -472,8 +472,6 @@ tolocal(argc, argv)
|
|||||||
suser = argv[i];
|
suser = argv[i];
|
||||||
if (*suser == '\0')
|
if (*suser == '\0')
|
||||||
suser = pwd->pw_name;
|
suser = pwd->pw_name;
|
||||||
else if (!okname(suser))
|
|
||||||
continue;
|
|
||||||
}
|
}
|
||||||
host = cleanhostname(host);
|
host = cleanhostname(host);
|
||||||
len = strlen(src) + CMDNEEDS + 20;
|
len = strlen(src) + CMDNEEDS + 20;
|
||||||
@ -1085,9 +1083,18 @@ okname(cp0)
|
|||||||
c = (int)*cp;
|
c = (int)*cp;
|
||||||
if (c & 0200)
|
if (c & 0200)
|
||||||
goto bad;
|
goto bad;
|
||||||
if (!isalpha(c) && !isdigit(c) &&
|
if (!isalpha(c) && !isdigit(c)) {
|
||||||
c != '@' && c != '_' && c != '-' && c != '.' && c != '+')
|
switch (c) {
|
||||||
|
case '\'':
|
||||||
|
case '"':
|
||||||
|
case '`':
|
||||||
|
case ' ':
|
||||||
|
case '#':
|
||||||
goto bad;
|
goto bad;
|
||||||
|
default:
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
} while (*++cp);
|
} while (*++cp);
|
||||||
return (1);
|
return (1);
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user