Bug 3007

Summary: Provide regression tests for scp vulnerabilities
Product: Portable OpenSSH Reporter: Jakub Jelen <jjelen>
Component: Regression testsAssignee: Assigned to nobody <unassigned-bugs>
Status: CLOSED FIXED    
Severity: enhancement CC: djm
Priority: P5    
Version: 8.0p1   
Hardware: Other   
OS: Linux   
Bug Depends on:    
Bug Blocks: 2988    
Attachments:
Description Flags
Patch from sintonen.fi none

Description Jakub Jelen 2019-05-10 22:29:45 AEST 
Created attachment 3280 [details]
Patch from sintonen.fi

The original reporter provided a list of test cases to extend the existing regression tests for scp, but they were not incorporated into the tree with the final patches.

I am not sure whether there was some specific reason for this omission or it was intentional, but having this inside of package regression testsuite sounds very useful for QA of the tool.

From what I see, they cover the three vulnerabilities:
 * empty or dot filename: CVE-2018-20685
 * sending additional files by malicious server: CVE-2019-6111

See attached patch (subset of the patch provided on the advisory page below). I successfully verified that it works fine with 8.0, but fails with 7.9.

https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt
Comment 1 Damien Miller 2019-07-19 13:45:57 AEST 
applied - thanks
Comment 2 Damien Miller 2021-04-23 15:08:42 AEST 
closing resolved bugs as of 8.6p1 release