HomePhabricator

scp: Do not allow newlines in pushed files names

Authored by ansasaki on Nov 4 2019, 4:16 PM.

Description

scp: Do not allow newlines in pushed files names

When pushing files or directories, encode the newlines contained in the
names as the string "\\n". This way the user cannot inject protocol
messages through the file name.

Fixes T189

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit bab7ba01463428c13f2a901c8ec2a3ab6005ef8a)

Details

Committed
asnDec 9 2019, 4:38 PM
Parents
rLIBSSHae68f13a78a8: misc: Add a function to encode newlines
Branches
Unknown
Tags
Unknown
Tasks
Restricted Maniphest Task

Event Timeline

asn added a task: Restricted Maniphest Task.Dec 10 2019, 6:14 PM