thought. As well as the ".." attack in recursive copies, the name
sent by the client was also trusted in a single-file implicit-
destination copy such as "pscp host:foo .". (The result was ./foo,
where foo is what the server claimed the file was rather than what
the user asked for. I think it's not unreasonable that if the user
requests file `foo' from the host, he should get the result in a
file called `foo' no matter what the host thinks.)
[originally from svn r743]
sends filenames of things in the directory being copied. A malicious
server could have sent, for example, "..\..\windows\system\foo.dll"
and overwritten something crucial. The filenames are now vetted to
ensure they don't contain slashes or backslashes.
[originally from svn r742]
use when they have data from the network. Replaces the utterly daft
inbuf / inbuf_head / term_out() interface, which only made sense
when feeding to terminal.c. (terminal.c now implements
from_backend() as a small function that gateways to the old
interface.)
As a side effect, from_backend() also has an `is_stderr' parameter,
so scp can once again separate the server's pronouncements on stderr
from the actual protocol progress on stdout.
[originally from svn r729]
windlg.c into it. Allows plink and pscp to no longer link with
windlg.c, meaning they lose some of the sillier stub functions and
also can provide a console-based form of verify_ssh_host_key().
[originally from svn r683]
functions as calls to the MS Crypto API. Not integrated into the
Makefile yet, but should eventually allow building of an SSH-enabled
PuTTY which contains no native crypto code, so it can be used
everywhere (and anyone who can get the MS encryption pack can still
use the SSH parts).
[originally from svn r425]
