Diffstat (limited to 'debian/patches/0009-Verify-scp-command-options.patch')
-rw-r--r--debian/patches/0009-Verify-scp-command-options.patch9
1 files changed, 5 insertions, 4 deletions
diff --git a/debian/patches/0009-Verify-scp-command-options.patch b/debian/patches/0009-Verify-scp-command-options.patch
index da94f0c..390f4ac 100644
--- a/debian/patches/0009-Verify-scp-command-options.patch
+++ b/debian/patches/0009-Verify-scp-command-options.patch
@@ -17,7 +17,8 @@ first.
Attempt to protect against this attack by checking the command line
of scp and only allowing the options that are passed to the server
end of the connection. Require either -f or -t be given, which
-disables scp's attempts to connect to a remote host.
+disables scp's attempts to connect to a remote host. Allow these as
+-pf and -pt, which are sent by libssh2.
Debian Bug#919623
---
@@ -25,7 +26,7 @@ Debian Bug#919623
1 file changed, 42 insertions(+), 2 deletions(-)
diff --git a/util.c b/util.c
-index 52a751b..391ad4a 100644
+index 52a751b..da97592 100644
--- a/util.c
+++ b/util.c
@@ -263,6 +263,43 @@ static int rsync_okay( char **vec )
@@ -48,11 +49,11 @@ index 52a751b..391ad4a 100644
+ if ( strcmp(*vec, "-r") == 0 ) continue;
+ if ( strcmp(*vec, "-p") == 0 ) continue;
+ if ( strcmp(*vec, "-d") == 0 ) continue;
-+ if ( strcmp(*vec, "-f") == 0 ){
++ if ( strcmp(*vec, "-f") == 0 || strcmp(*vec, "-pf") == 0 ){
+ saw_f_or_t = TRUE;
+ continue;
+ }
-+ if ( strcmp(*vec, "-t") == 0 ){
++ if ( strcmp(*vec, "-t") == 0 || strcmp(*vec, "-pt") == 0 ){
+ saw_f_or_t = TRUE;
+ continue;
+ }
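Review bot: The two changed `strcmp` lines now accept the clustered forms `-pf` and `-pt`, but nothing in the code says why only these two clusters are allowed, and the `-f` and `-t` branches have identical bodies. A comment above them such as `/* libssh2 sends -p clustered with the mode flag (-pf/-pt); match exact strings so no other clustered option passes the allow-list */` would stop a later maintainer from loosening this to prefix or per-character matching, which would weaken the option check this patch exists to enforce. The two branches could also be folded into a single condition that sets `saw_f_or_t`. The enclosing loop and function begin and end outside this hunk, so how tokens after the mode flag are handled cannot be confirmed from here.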