pscp: extra security check in SCP mode.

When you don't specify -r, we now check whether the server is sending a whole subdirectory in place of a single file, and abort if it does. Previously we'd accept the subdirectory download regardless. The new error message labels this as a security violation, just on the grounds that it involves the server doing something other than what the implicit contract suggested it ought to, but I don't think it's a really serious violation in the same sense as letting the server cd into ".." or overwrite files of arbitrary name would be. In this case it can only leave a downloaded thing in the specific place you already authorised it to put _some_ downloaded thing - it's just returned you a directory in place of a file.
2025-01-09 09:27:59 +00:00 · 2018-10-23 18:05:58 +01:00 · 2018-10-23 18:05:58 +01:00 · 18d7998008
commit 18d7998008
parent c31e3cd437
1 changed files with 4 additions and 0 deletions
--- a/pscp.c
+++ b/pscp.c
@ -1456,6 +1456,10 @@ int scp_get_sink_action(struct scp_sink_action *act)
 	      case 'C':
 	      case 'D':
 		act->action = (action == 'C' ? SCP_SINK_FILE : SCP_SINK_DIR);
+                if (act->action == SCP_SINK_DIR && !recursive) {
+                    bump("security violation: remote host attempted to create "
+                         "a subdirectory in a non-recursive copy!");
+                }
 		break;
 	      default:
 		bump("Protocol error: Expected control record");