CVE-2019-14889: scp: Don't allow file path longer than 32kb

Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-12-06 09:40:30 +01:00 · 2019-12-06 09:40:30 +01:00 · 0b5ee39726
--- a/src/scp.c
+++ b/src/scp.c
@ -80,6 +80,12 @@ ssh_scp ssh_scp_new(ssh_session session, int mode, const char *location)
        goto error;
    }

+    if (strlen(location) > 32 * 1024) {
+        ssh_set_error(session, SSH_FATAL,
+                      "Location path is too long");
+        goto error;
+    }
+
    scp->location = strdup(location);
    if (scp->location == NULL) {
        ssh_set_error(session, SSH_FATAL,