sends filenames of things in the directory being copied. A malicious
server could have sent, for example, "..\..\windows\system\foo.dll"
and overwritten something crucial. The filenames are now vetted to
ensure they don't contain slashes or backslashes.
git-svn-id: svn://svn.tartarus.org/sgt/putty@742
cda61777-01e9-0310-a592-
d414129be87e
va_list ap;
va_start(ap, fmt);
errs++;
- strcpy(str, "\01scp: ");
+ strcpy(str, "scp: ");
vsprintf(str+strlen(str), fmt, ap);
strcat(str, "\n");
back->send(str, strlen(str));
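Review bot: The `vsprintf` and `strcat` calls around the changed line write into `str` with no length limit, and the formatted arguments can presumably include names received from the peer, so a long message could overrun the buffer. `str` is declared outside this hunk, so its size is not visible here; if it is a fixed array, a bounded call such as `vsnprintf(str+strlen(str), sizeof(str)-strlen(str)-1, fmt, ap);` (or the platform's equivalent) keeps room for the trailing newline. Separately, with `\01` dropped from the literal, a short comment saying where the scp error-marker byte is now sent, or that it is left out on purpose, would help, since the hunk does not show it.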
bump("Protocol error: Illegal file descriptor format");
if (targisdir) {
char t[2048];
+ char *p;
strcpy(t, targ);
if (targ[0] != '\0')
strcat(t, "/");
- strcat(t, namebuf);
+ p = namebuf + strlen(namebuf);
+ while (p > namebuf && p[-1] != '/' && p[-1] != '\\')
+ p--;
+ strcat(t, p);
strcpy(namebuf, t);
} else {
strcpy(namebuf, targ);
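Review bot: The loop that walks `p` back to the last slash or backslash keeps only the final path component but never checks what that component is, so `p` can still be empty (a name ending in a separator), `.` or `..`, and `targ/..` resolves outside the target directory. A guard right after the loop, e.g. `if (*p == '\0' || !strcmp(p, ".") || !strcmp(p, "..")) bump("Protocol error: Illegal file name");` (message text is only a suggestion, and this assumes `bump` does not return), would reject those; on Windows a `:` in the name, the drive-relative form, deserves the same treatment. The code strips the directory part silently rather than rejecting the name, so a comment such as `/* server-supplied name: keep only the last component, never trust its directory part */` would record the intent. The `strcpy`/`strcat` calls into `char t[2048]` are also unbounded, and checking `strlen(targ) + strlen(p) + 2 <= sizeof(t)` before them would cover that. The enclosing function begins and ends outside this hunk.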