TestWriteFileRejectsInvalidTargetName guards the SCP protocol-injection fix: a target filename containing newline/CR/NUL must be rejected before any network I/O, so a malicious caller cannot smuggle extra SCP control records (e.g. a second "C0755 ... /etc/shadow" line) into the stream.
(t *testing.T)
| 697 | // any network I/O, so a malicious caller cannot smuggle extra SCP control |
| 698 | // records (e.g. a second "C0755 ... /etc/shadow" line) into the stream. |
| 699 | func TestWriteFileRejectsInvalidTargetName(t *testing.T) { |
| 700 | ssh := &MakeConfig{Server: "127.0.0.1", User: "nobody", Port: "22"} |
| 701 | for _, bad := range []string{ |
| 702 | "foo\nbar", |
| 703 | "foo\rbar", |
| 704 | "foo\x00bar", |
| 705 | "dir/with\nnewline", |
| 706 | } { |
| 707 | err := ssh.WriteFile(bytes.NewReader(nil), 0, bad) |
| 708 | assert.ErrorIs(t, err, ErrInvalidTargetFile, "WriteFile(%q) should reject", bad) |
| 709 | } |
| 710 | } |
| 711 |