    upstream: check in scp client that filenames sent during · 125924e4
    djm@openbsd.org authored
    remote->local directory copies satisfy the wildcard specified by the user.
    
    This checking provides some protection against a malicious server
    sending unexpected filenames, but it comes at a risk of rejecting wanted
    files due to differences between client and server wildcard expansion rules.
    
    For this reason, this also adds a new -T flag to disable the check.
    
    reported by Harry Sintonen
    fix approach suggested by markus@;
    has been in snaps for ~1wk courtesy deraadt@
    
    OpenBSD-Commit-ID: 00f44b50d2be8e321973f3c6d014260f8f7a8eda
    
    CVE-2019-6111
    
    Origin: backport, https://anongit.mindrot.org/openssh.git/commit/?id=391ffc4b9d31fa1f4ad566499fef9176ff8a07dc
    Last-Update: 2019-02-08
    
    Patch-Name: check-filenames-in-scp-client.patch
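
The client-side check this commit message describes, sketched as an added example (not OpenSSH's code and not part of the commit): each name the server sends is matched with POSIX fnmatch(3) against the last component of the pattern the user typed. The function names, the flag choice and the sample filenames are assumptions of this example; the rejected `.hidden.txt` shows the kind of client/server expansion difference the message warns about.

```c
/* Added example, not OpenSSH source: validate server-sent names against
 * the user's requested pattern using POSIX fnmatch(3). */
#include <fnmatch.h>
#include <stdio.h>
#include <string.h>

/* Last path component of the user's source argument,
 * e.g. "docs/*.txt" -> "*.txt". */
static const char *last_component(const char *path)
{
    const char *slash = strrchr(path, '/');
    return slash ? slash + 1 : path;
}

/*
 * Return 1 if the name the server sent may be written locally, 0 otherwise.
 * check_disabled models the opt-out the commit adds (-T): the match is skipped.
 * Flags are this example's choice: FNM_PATHNAME stops '*' matching '/',
 * FNM_PERIOD stops '*' matching a leading '.', as a typical shell glob would.
 */
int name_allowed(const char *requested, const char *sent, int check_disabled)
{
    if (check_disabled)
        return 1;
    return fnmatch(last_component(requested), sent,
                   FNM_PATHNAME | FNM_PERIOD) == 0;
}

int main(void)
{
    /* Constructed sample: the user asked for "host:docs/*.txt". */
    const char *requested = "docs/*.txt";
    const char *sent[] = { "notes.txt", "other.conf", ".hidden.txt" };

    for (size_t i = 0; i < sizeof(sent) / sizeof(sent[0]); i++)
        printf("%-12s %s\n", sent[i],
               name_allowed(requested, sent[i], 0) ? "accept" : "reject");
    return 0;
}
```

A server whose shell expands `*` to include dotfiles would send `.hidden.txt` for this request; the check rejects it, and only the opt-out path accepts it.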