aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndreas Schneider <asn@cryptomilk.org>2019-12-06 09:40:30 +0100
committerAndreas Schneider <asn@cryptomilk.org>2019-12-09 17:34:28 +0100
commit391c78de9d0f7baec3a44d86a76f4e1324eb9529 (patch)
tree48fd1854f0b047aba9cdd8d5d722813e6ae7d1d1
parent2ba1dea5493fb2f5a5be2dd263ce46ccb5f8ec76 (diff)
downloadlibssh-391c78de9d0f7baec3a44d86a76f4e1324eb9529.tar.gz
libssh-391c78de9d0f7baec3a44d86a76f4e1324eb9529.tar.xz
libssh-391c78de9d0f7baec3a44d86a76f4e1324eb9529.zip
CVE-2019-14889: scp: Don't allow file path longer than 32kb
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com> (cherry picked from commit 0b5ee397260b6e08dffa2c1ce515a153aaeda765)
-rw-r--r--src/scp.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/src/scp.c b/src/scp.c
index 166f3d2f..4b00aa5f 100644
--- a/src/scp.c
+++ b/src/scp.c
@@ -80,6 +80,12 @@ ssh_scp ssh_scp_new(ssh_session session, int mode, const char *location)
goto error;
}
+ if (strlen(location) > 32 * 1024) {
+ ssh_set_error(session, SSH_FATAL,
+ "Location path is too long");
+ goto error;
+ }
+
scp->location = strdup(location);
if (scp->location == NULL) {
ssh_set_error(session, SSH_FATAL,