3007 – Provide regression tests for scp vulnerabilities

Bug 3007 - Provide regression tests for scp vulnerabilities

Summary: Provide regression tests for scp vulnerabilities

Status:	CLOSED FIXED

Alias:	None

Product:	Portable OpenSSH
Classification:	Unclassified
Component:	Regression tests (show other bugs)
Version:	8.0p1
Hardware:	Other Linux

Importance:	P5 enhancement
Assignee:	Assigned to nobody

URL:
Keywords:

Depends on:
Blocks:	V_8_1
	Show dependency tree / graph

Reported:	2019-05-10 22:29 AEST by Jakub Jelen
Modified:	2021-04-23 15:08 AEST (History)
CC List:	1 user (show)

See Also:

Attachments
Patch from sintonen.fi (1.57 KB, text/plain) 2019-05-10 22:29 AEST, Jakub Jelen	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Jakub Jelen 2019-05-10 22:29:45 AEST

Created attachment 3280 [details]
Patch from sintonen.fi

The original reporter provided a list of test cases to extend the existing regression tests for scp, but they were not incorporated into the tree with the final patches.

I am not sure whether there was some specific reason for this omission or it was intentional, but having this inside of package regression testsuite sounds very useful for QA of the tool.

From what I see, they cover the three vulnerabilities:
 * empty or dot filename: CVE-2018-20685
 * sending additional files by malicious server: CVE-2019-6111

See attached patch (subset of the patch provided on the advisory page below). I successfully verified that it works fine with 8.0, but fails with 7.9.

https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt

Comment 1 Damien Miller 2019-07-19 13:45:57 AEST

applied - thanks

Comment 2 Damien Miller 2021-04-23 15:08:42 AEST

closing resolved bugs as of 8.6p1 release