From 391c78de9d0f7baec3a44d86a76f4e1324eb9529 Mon Sep 17 00:00:00 2001
From: Andreas Schneider
Date: Fri, 6 Dec 2019 09:40:30 +0100
Subject: CVE-2019-14889: scp: Don't allow file path longer than 32kb

Signed-off-by: Andreas Schneider
Reviewed-by: Jakub Jelen
(cherry picked from commit 0b5ee397260b6e08dffa2c1ce515a153aaeda765)
---
 src/scp.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/scp.c b/src/scp.c
index 166f3d2f..4b00aa5f 100644
--- a/src/scp.c
+++ b/src/scp.c
@@ -80,6 +80,12 @@ ssh_scp ssh_scp_new(ssh_session session, int mode, const char *location)
 goto error;
 }
 
+ if (strlen(location) > 32 * 1024) {
+ ssh_set_error(session, SSH_FATAL,
+ "Location path is too long");
+ goto error;
+ }
+
 scp->location = strdup(location);
 if (scp->location == NULL) {
 ssh_set_error(session, SSH_FATAL,
-- 
cgit v1.2.3
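Review bot: The new guard `if (strlen(location) > 32 * 1024)` uses a bare magic number with no comment on which later consumer of `scp->location` the cap protects, so a reader cannot judge whether 32 KiB is the right bound. I would add a comment above the check such as `/* Upper bound on the remote path length (32 KiB); see CVE-2019-14889 */`, and ideally give the limit a name so the message and any later checks can share it. `strlen(location)` also dereferences `location` with no NULL check visible in the hunk (the existing `strdup(location)` makes the same assumption), so a separate `if (location == NULL)` rejection would be cheap hardening unless the code above the hunk already does it. The cap bounds only the length of the path, not its content; any quoting or validation has to live elsewhere, and the body of ssh_scp_new starts and ends outside this hunk.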