dropbear-openssh-CVE-2018-20685.patch (460B)
1 diff --git a/scp.c b/scp.c
2 index 742ae00..7b8e7d2 100644
3 --- a/scp.c
4 +++ b/scp.c
5 @@ -935,7 +935,8 @@ sink(int argc, char **argv)
6 size = size * 10 + (*cp++ - '0');
7 if (*cp++ != ' ')
8 SCREWUP("size not delimited");
9 - if ((strchr(cp, '/') != NULL) || (strcmp(cp, "..") == 0)) {
10 + if (*cp == '\0' || strchr(cp, '/') != NULL ||
11 + strcmp(cp, ".") == 0 || strcmp(cp, "..") == 0) {
12 run_err("error: unexpected filename: %s", cp);
13 exit(1);
14 }