diff options
author | Andreas Schneider <asn@cryptomilk.org> | 2019-12-06 09:40:30 +0100 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2019-12-09 17:34:28 +0100 |
commit | 391c78de9d0f7baec3a44d86a76f4e1324eb9529 (patch) | |
tree | 48fd1854f0b047aba9cdd8d5d722813e6ae7d1d1 | |
parent | 2ba1dea5493fb2f5a5be2dd263ce46ccb5f8ec76 (diff) | |
download | libssh-391c78de9d0f7baec3a44d86a76f4e1324eb9529.tar.gz libssh-391c78de9d0f7baec3a44d86a76f4e1324eb9529.tar.xz libssh-391c78de9d0f7baec3a44d86a76f4e1324eb9529.zip |
CVE-2019-14889: scp: Don't allow file path longer than 32kb
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit 0b5ee397260b6e08dffa2c1ce515a153aaeda765)
-rw-r--r-- | src/scp.c | 6 |
1 files changed, 6 insertions, 0 deletions
@@ -80,6 +80,12 @@ ssh_scp ssh_scp_new(ssh_session session, int mode, const char *location) goto error; } + if (strlen(location) > 32 * 1024) { + ssh_set_error(session, SSH_FATAL, + "Location path is too long"); + goto error; + } + scp->location = strdup(location); if (scp->location == NULL) { ssh_set_error(session, SSH_FATAL, |