===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/scp.c,v
retrieving revision 1.100
retrieving revision 1.101
diff -u -r1.100 -r1.101
--- src/usr.bin/ssh/scp.c	2003/01/23 14:06:15	1.100
+++ src/usr.bin/ssh/scp.c	2003/02/02 10:51:13	1.101
@@ -75,7 +75,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: scp.c,v 1.100 2003/01/23 14:06:15 markus Exp $");
+RCSID("$OpenBSD: scp.c,v 1.101 2003/02/02 10:51:13 markus Exp $");
 
 #include "xmalloc.h"
 #include "atomicio.h"
@@ -361,8 +361,6 @@
 		tuser = argv[argc - 1];
 		if (*tuser == '\0')
 			tuser = NULL;
-		else if (!okname(tuser))
-			exit(1);
 	} else {
 		thost = argv[argc - 1];
 		tuser = NULL;
@@ -390,6 +388,8 @@
 					suser = pwd->pw_name;
 				else if (!okname(suser))
 					continue;
+				if (tuser && !okname(tuser))
+					continue;
 				snprintf(bp, len,
 				    "%s%s %s -n "
 				    "-l %s %s %s %s '%s%s%s:%s'",
@@ -463,8 +463,6 @@
 			suser = argv[i];
 			if (*suser == '\0')
 				suser = pwd->pw_name;
-			else if (!okname(suser))
-				continue;
 		}
 		host = cleanhostname(host);
 		len = strlen(src) + CMDNEEDS + 20;
@@ -1061,9 +1059,18 @@
 		c = (int)*cp;
 		if (c & 0200)
 			goto bad;
-		if (!isalpha(c) && !isdigit(c) &&
-		    c != '@' && c != '_' && c != '-' && c != '.' && c != '+')
-			goto bad;
+		if (!isalpha(c) && !isdigit(c)) {
+			switch (c) {
+			case '\'':
+			case '"':
+			case '`':
+			case ' ':
+			case '#':
+				goto bad;
+			default:
+				break;
+			}
+		}
 	} while (*++cp);
 	return (1);