[Bug 1956] New: sftp segfaults in parse_args() when argv[0] is NULL
bugzilla-daemon at bugzilla.mindrot.org
Thu Dec 8 06:03:28 EST 2011
https://bugzilla.mindrot.org/show_bug.cgi?id=1956
Bug #: 1956
Summary: sftp segfaults in parse_args() when argv[0] is NULL
Classification: Unclassified
Product: Portable OpenSSH
Version: -current
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: sftp
AssignedTo: unassigned-bugs at mindrot.org
ReportedBy: imorgan at nas.nasa.gov
If sftp is built without libedit support, a segfault can occur in
parse_args() when argv[0] equals NULL. This can be triggered by
entering ^L (followed by <enter>) on a blank line.
Connected to alex.
sftp> ^L
Segmentation fault (core dumped)
The backtrace from gdb shows:
#0  0x0000003af267c100 in strcasecmp () from /lib64/libc.so.6
#1  0x0000000000404dd2 in parse_args (conn=0x13fbc0c0, cmd=<value optimized out>, pwd=0x7fff330ac518, err_abort=0) at sftp.c:1145
#2  parse_dispatch_command (conn=0x13fbc0c0, cmd=<value optimized out>, pwd=0x7fff330ac518, err_abort=0) at sftp.c:1300
#3  0x0000000000406327 in interactive_loop (conn=0x13fbc0c0, file1=<value optimized out>, file2=<value optimized out>) at sftp.c:1990
#4  0x0000000000406913 in main (argc=<value optimized out>, argv=0x13fbc030) at sftp.c:2273
(gdb)
The problem appears to be that argv[0] is NULL, and there is no check
for this prior to the strcasecmp() call.
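To illustrate the failure mode the report describes and the check it points at, here is an added example. It is constructed for this page and is not OpenSSH's sftp.c: a small whitespace tokenizer in the spirit of an interactive command parser, a command lookup written the unguarded way, and the guarded version that tests argc/argv[0] before strcasecmp(). Every name here (makeargv_simple, lookup_command_unsafe, lookup_command_safe, parse_line, count_args and the command table) is hypothetical.

```c
/* Added example, not OpenSSH code. Shows how a line containing only ^L
 * (form feed, 0x0c) tokenizes to argc == 0 / argv[0] == NULL, and why a
 * command lookup must check for that before calling strcasecmp(). */
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

#define MAX_ARGS     16
#define LINE_MAX_LEN 256

/* Hypothetical command table (constructed): name and minimum argument count. */
struct cmd { const char *name; int min_args; };
static const struct cmd cmds[] = {
    { "ls", 0 }, { "cd", 1 }, { "get", 1 }, { "put", 1 }, { "quit", 0 },
    { NULL, 0 }
};

/* Split `line` in place on whitespace. isspace() treats '\f' (^L) as
 * whitespace, so a line made only of ^L yields no tokens: argc == 0 and
 * argv[0] == NULL, the state the bug report describes. Returns argc. */
static int makeargv_simple(char *line, char **argv, int max_args)
{
    int argc = 0;
    char *p = line;

    while (*p != '\0' && argc < max_args - 1) {
        while (*p != '\0' && isspace((unsigned char)*p))
            p++;                        /* skip leading whitespace */
        if (*p == '\0')
            break;
        argv[argc++] = p;               /* start of a token */
        while (*p != '\0' && !isspace((unsigned char)*p))
            p++;
        if (*p != '\0')
            *p++ = '\0';                /* terminate the token */
    }
    argv[argc] = NULL;
    return argc;
}

/* The unguarded pattern from the report: strcasecmp() is reached with
 * argv[0] == NULL when the line had no tokens, and dereferences it. */
static int lookup_command_unsafe(char **argv)
{
    for (int i = 0; cmds[i].name != NULL; i++)
        if (strcasecmp(cmds[i].name, argv[0]) == 0)   /* crashes if argv[0] == NULL */
            return i;
    return -1;
}

/* Hardened lookup: an empty command line is simply "nothing to do". */
static int lookup_command_safe(int argc, char **argv)
{
    if (argc == 0 || argv[0] == NULL)
        return -1;
    for (int i = 0; cmds[i].name != NULL; i++)
        if (strcasecmp(cmds[i].name, argv[0]) == 0)
            return i;
    return -1;
}

/* Copy `input` into a writable buffer and tokenize it. */
static int tokenize_copy(const char *input, char *buf, size_t buflen,
                         char **argv, int max_args)
{
    size_t n = strlen(input);
    if (n >= buflen)
        n = buflen - 1;
    memcpy(buf, input, n);
    buf[n] = '\0';
    return makeargv_simple(buf, argv, max_args);
}

/* Number of tokens on a line (0 for blank, whitespace-only or ^L-only lines). */
int count_args(const char *input)
{
    char buf[LINE_MAX_LEN];
    char *argv[MAX_ARGS];
    return tokenize_copy(input, buf, sizeof buf, argv, MAX_ARGS);
}

/* Parse one line and return the command's index in cmds[], or -1 when the
 * line is empty or the command is unknown. Never dereferences a NULL argv[0]. */
int parse_line(const char *input)
{
    char buf[LINE_MAX_LEN];
    char *argv[MAX_ARGS];
    int argc = tokenize_copy(input, buf, sizeof buf, argv, MAX_ARGS);
    return lookup_command_safe(argc, argv);
}

int main(void)
{
    /* Constructed sample lines; the second is the ^L-only line from the report. */
    const char *samples[] = { "ls -l", "\f", "   ", "GET report.pdf", "bogus" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int idx = parse_line(samples[i]);
        printf("sample %zu: %d token(s) -> %s\n", i, count_args(samples[i]),
               idx < 0 ? "(no command)" : cmds[idx].name);
    }
    /* The unguarded lookup is safe only when a token exists; on the tokens
     * of "\f" it would dereference NULL exactly like the reported crash. */
    char buf[] = "ls";
    char *argv[MAX_ARGS];
    makeargv_simple(buf, argv, MAX_ARGS);
    printf("unsafe lookup on \"ls\": %d\n", lookup_command_unsafe(argv));
    return 0;
}
```

The two lookups differ only in the `argc == 0 || argv[0] == NULL` guard; the tokenizer is where the NULL originates, because every character on a ^L-only or whitespace-only line is consumed as a separator and no token is ever recorded.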