Displaying 3 results from an estimated 3 matches for "restrict_pattern".
2019 Feb 08
12
[Bug 2966] New: scp rev 1.202 fix doesn't quite hit the mark
...e fix has two bugs:
1. If the requested filename contains no / characters, e.g.
scp remote:'[xyz]*' .
or even
scp remote:safefile .
no check is done; the remote is permitted to send any file name
(hence overwrite any file) it likes. The trouble is that the
new code does
if ((restrict_pattern = strrchr(src_copy, '/')) != NULL) {
*restrict_pattern++ = '\0';
}
then, later,
if (restrict_pattern != NULL &&
fnmatch(restrict_pattern, cp, 0) != 0)
SCREWUP("filename does not match request");
If there...
2019 Feb 08
12
[Bug 2966] New: scp rev 1.202 fix doesn't quite hit the mark
...e fix has two bugs:
1. If the requested filename contains no / characters, e.g.
scp remote:'[xyz]*' .
or even
scp remote:safefile .
no check is done; the remote is permitted to send any file name
(hence overwrite any file) it likes. The trouble is that the
new code does
if ((restrict_pattern = strrchr(src_copy, '/')) != NULL) {
*restrict_pattern++ = '\0';
}
then, later,
if (restrict_pattern != NULL &&
fnmatch(restrict_pattern, cp, 0) != 0)
SCREWUP("filename does not match request");
If there...
2019 Jan 19
2
Status of SCP vulnerability
Hello,
I would like to request an update of the progress regarding fixes for the recently disclosed SCP vulnerability (CVE-2018-20685, CVE-2019-6111, CVE-2019-6109, CVE-2019-6110)
It has been stated that CVE-2018-20685 has been patched in november but there are currently no information available on the progress of patches regarding the other CVEs.
Will there be a patched release any time soon?