mirror of https://git.tartarus.org/simon/putty.git synced 2025-03-16 03:53:01 -05:00
Simon Tatham 2675f9578d File transfer tools: sanitise remote filenames and stderr.
This commit adds sanitisation to PSCP and PSFTP in the same style as
I've just put it into Plink. This time, standard error is sanitised
without reference to whether it's redirected (at least unless you give
an override option), on the basis that where Plink is _sometimes_ an
SSH transport for some other protocol, PSCP and PSFTP _always_ are.

But also, the sanitiser is run over any remote filename sent by the
server, substituting ? for any control characters it finds. That
removes another avenue for the server to deliberately confuse the
display.

This commit fixes our bug 'pscp-unsanitised-server-output', aka the
two notional 'vulnerabilities' CVE-2019-6109 and CVE-2019-6110.
(Although we regard those in isolation as only bugs, not serious
vulnerabilities, because their main threat was in hiding the evidence
of a server having exploited other more serious vulns that we never
had.)
2019-02-20 07:27:22 +00:00