search for: src_copy

...milleune at inertia:~/syslinux-lua-stappers/com32/lua | $ ls | assist patches README.syslinux | milleune at inertia:~/syslinux-lua-stappers/com32/lua | $ assist/get | milleune at inertia:~/syslinux-lua-stappers/com32/lua | $ ls | assist doc HISTORY lua-5.1.3.tar.gz patches README.syslinux src_copy | COPYRIGHT etc INSTALL Makefile README src test | milleune at inertia:~/syslinux-lua-stappers/com32/lua | $ diff src_copy/ src/ | milleune at inertia:~/syslinux-lua-stappers/com32/lua | $ assist/patch | milleune at inertia:~/syslinux-lua-stappers/com32/lua | $ diff src_copy/ src/ |...

Hello, I would like to request an update of the progress regarding fixes for the recently disclosed SCP vulnerability (CVE-2018-20685, CVE-2019-6111, CVE-2019-6109, CVE-2019-6110) It has been stated that CVE-2018-20685 has been patched in november but there are currently no information available on the progress of patches regarding the other CVEs. Will there be a patched release any time soon?

...fs/btrfs/tree-log.c 2010-07-06 16:45:48.000000000 +0400 +++ /tmp/cocci-output-7783-8f7d1b-tree-log.c 2010-07-28 18:43:08.000000000 +0400 @@ -336,8 +336,6 @@ static noinline int overwrite_item(struc btrfs_release_path(root, path); return 0; } - dst_copy = kmalloc(item_size, GFP_NOFS); - src_copy = kmalloc(item_size, GFP_NOFS); read_extent_buffer(eb, src_copy, src_ptr, item_size); @@ -664,7 +662,6 @@ static noinline int drop_one_dir_item(st btrfs_dir_item_key_to_cpu(leaf, di, &location); name_len = btrfs_dir_name_len(leaf, di); - name = kmalloc(name_len, GFP_NOFS); read_e...

...the requested filename contains no / characters, e.g. scp remote:'[xyz]*' . or even scp remote:safefile . no check is done; the remote is permitted to send any file name (hence overwrite any file) it likes. The trouble is that the new code does if ((restrict_pattern = strrchr(src_copy, '/')) != NULL) { *restrict_pattern++ = '\0'; } then, later, if (restrict_pattern != NULL && fnmatch(restrict_pattern, cp, 0) != 0) SCREWUP("filename does not match request"); If there is no /, strrchr r...

...the requested filename contains no / characters, e.g. scp remote:'[xyz]*' . or even scp remote:safefile . no check is done; the remote is permitted to send any file name (hence overwrite any file) it likes. The trouble is that the new code does if ((restrict_pattern = strrchr(src_copy, '/')) != NULL) { *restrict_pattern++ = '\0'; } then, later, if (restrict_pattern != NULL && fnmatch(restrict_pattern, cp, 0) != 0) SCREWUP("filename does not match request"); If there is no /, strrchr r...