authorThomas Deutschmann <whissi@gentoo.org>2019-01-15 18:41:40 +0100
committerThomas Deutschmann <whissi@gentoo.org>2019-01-15 18:41:58 +0100
commit45084b9a615f719976434938be717dfde3075133 (patch)
tree38e392069b72226479b9f2f639bd7f8cd5ff2982 /net-misc/openssh/files
parentx11-drivers/nvidia-drivers: Version 415.27 (diff)
net-misc/openssh: add patch for CVE-2018-20685
Package-Manager: Portage-2.3.55, Repoman-2.3.12 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>
Diffstat (limited to 'net-misc/openssh/files')
-rw-r--r--net-misc/openssh/files/openssh-7.9_p1-CVE-2018-20685.patch16
1 files changed, 16 insertions, 0 deletions
diff --git a/net-misc/openssh/files/openssh-7.9_p1-CVE-2018-20685.patch b/net-misc/openssh/files/openssh-7.9_p1-CVE-2018-20685.patch
new file mode 100644
index 000000000000..3fa3e318af50
--- /dev/null
+++ b/net-misc/openssh/files/openssh-7.9_p1-CVE-2018-20685.patch
@@ -0,0 +1,16 @@
+CVE-2018-20685
+
+https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2
+
+--- a/scp.c
++++ b/scp.c
+@@ -1106,7 +1106,8 @@ sink(int argc, char **argv)
+ SCREWUP("size out of range");
+ size = (off_t)ull;
+
+- if ((strchr(cp, '/') != NULL) || (strcmp(cp, "..") == 0)) {
++ if (*cp == '\0' || strchr(cp, '/') != NULL ||
++ strcmp(cp, ".") == 0 || strcmp(cp, "..") == 0) {
+ run_err("error: unexpected filename: %s", cp);
+ exit(1);
+ }
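Review bot: The widened condition starting at `if (*cp == '\0' || strchr(cp, '/') != NULL ||` validates only the form of the received name; nothing visible in this hunk compares `cp` with the file names the client actually requested, so a different plain name would presumably still pass this check. sink() begins and ends outside the hunk, so such a comparison may exist elsewhere in the function; that is worth confirming against the upstream tree before treating this patch as full hardening of the receive path. The patch header carries only the CVE id and the upstream URL, and a one-line description would help the next maintainer, e.g. `Reject empty and "." file names received in sink().`. The diffstat is limited to `net-misc/openssh/files`, so it cannot be seen here whether an ebuild actually applies the new patch file.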