From: simon <simon@cda61777-01e9-0310-a592-d414129be87e>
Date: Sat, 21 Oct 2000 17:52:54 +0000 (+0000)
Subject: Ooh. Actually, that vulnerability is further-reaching than I
X-Git-Url: https://git.distorted.org.uk/u/mdw/putty/commitdiff_plain/ca2d59436752b1d46a12d4d4fabd366fac81b0ca?hp=ca2d59436752b1d46a12d4d4fabd366fac81b0ca

Ooh. Actually, that vulnerability is further-reaching than I
thought. As well as the ".." attack in recursive copies, the name
sent by the client was also trusted in a single-file implicit-
destination copy such as "pscp host:foo .". (The result was ./foo,
where foo is what the server claimed the file was rather than what
the user asked for. I think it's not unreasonable that if the user
requests file `foo' from the host, he should get the result in a
file called `foo' no matter what the host thinks.)


git-svn-id: svn://svn.tartarus.org/sgt/putty@743 cda61777-01e9-0310-a592-d414129be87e
---