projects / u / mdw / putty / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a094ae4) | patch
Fix a potential vulnerability in incoming `pscp -r'. The server
authorsimon <simon@cda61777-01e9-0310-a592-d414129be87e>
Sat, 21 Oct 2000 17:36:44 +0000 (17:36 +0000)
committersimon <simon@cda61777-01e9-0310-a592-d414129be87e>
Sat, 21 Oct 2000 17:36:44 +0000 (17:36 +0000)
commit9520eba82befd328430269d889959f320bed46d5
treea4f369282c553651a856352f20310527eae5a167tree | snapshot (tar.gz zip)
parenta094ae434ec1d6a0f69af9b3ef6fbeb40fa96d92commit | diff
Fix a potential vulnerability in incoming `pscp -r'. The server
sends filenames of things in the directory being copied. A malicious
server could have sent, for example, "..\..\windows\system\foo.dll"
and overwritten something crucial. The filenames are now vetted to
ensure they don't contain slashes or backslashes.

git-svn-id: svn://svn.tartarus.org/sgt/putty@742 cda61777-01e9-0310-a592-d414129be87e
scp.c diff | blob | blame | history
Local modifications for Simon Tatham's `PuTTY' SSH client and terminal emulator