+ /*
+ * Prevent the remote side from maliciously writing to
+ * files outside the target area by sending a filename
+ * containing `../'. In fact, it shouldn't be sending
+ * filenames with any slashes in at all; so we'll find
+ * the last slash or backslash in the filename and use
+ * only the part after that. (And warn!)
+ *
+ * In addition, we also ensure here that if we're
+ * copying a single file and the target is a directory
+ * (common usage: `pscp host:filename .') the remote
+ * can't send us a _different_ file name. We can
+ * distinguish this case because `src' will be non-NULL
+ * and the last component of that will fail to match
+ * (the last component of) the name sent.
+ */
+ char *striptarget, *stripsrc;
+
+ striptarget = stripslashes(act.name);
+ if (striptarget != act.name) {
+ tell_user(stderr, "warning: remote host sent a compound"
+ " pathname - possibly malicious! (ignored)");
+ }
+
+ /*
+ * Also check to see if the target filename is '.' or
+ * '..', or indeed '...' and so on because Windows
+ * appears to interpret those like '..'.
+ */
+ if (striptarget[strspn(striptarget, ".")] == '\0') {
+ bump("security violation: remote host attempted to write to"
+ " a '.' or '..' path!");
+ }
+
+ if (src) {
+ stripsrc = stripslashes(src);
+ if (strcmp(striptarget, stripsrc)) {
+ tell_user(stderr, "warning: remote host attempted to"
+ " write to a different filename: disallowing");
+ }
+ /* Override the name the server provided with our own. */
+ striptarget = stripsrc;
+ }
+