[Bug 3534] New: probable underflow calculating display width of file name
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Tue Feb 7 05:34:08 AEDT 2023
https://bugzilla.mindrot.org/show_bug.cgi?id=3534
Bug ID: 3534
Summary: probable underflow calculating display width of file
name
Product: Portable OpenSSH
Version: -current
Hardware: amd64
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: scp
Assignee: unassigned-bugs at mindrot.org
Reporter: programmerjake at gmail.com
I first found this on Termux on AArch64 Android, but am able to
replicate on x86-64 Ubuntu 20.04.
running:
touch
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.txt
scp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.txt
jacob at 192.168.1.141:
gives:
FORTIFY: vsnprintf: size 18446744073709551610 > SSIZE_MAX
Aborted
afaict this is terminal-width-dependent, my terminal has $COLUMNS set
to 120, if i increase my terminal width to 205, then it completes
successfully.
Afaict this bug also occurs in sftp, i was able to crash it by running
the corresponding `put` command from interactive sftp.
I was able to reproduce the scp bug on Ubuntu 20.04.5 LTS on x86-64
where it apparently just prints garbage instead of aborting:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~�
Ubuntu's ssh version:
ssh -V
OpenSSH_8.2p1 Ubuntu-4ubuntu0.5, OpenSSL 1.1.1f 31 Mar 2020
Termux's ssh version:
OpenSSH_9.2p1, OpenSSL 3.0.7 1 Nov 2022
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list