[Bug 3534] New: probable underflow calculating display width of file name

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Tue Feb 7 05:34:08 AEDT 2023


https://bugzilla.mindrot.org/show_bug.cgi?id=3534

            Bug ID: 3534
           Summary: probable underflow calculating display width of file
                    name
           Product: Portable OpenSSH
           Version: -current
          Hardware: amd64
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P5
         Component: scp
          Assignee: unassigned-bugs at mindrot.org
          Reporter: programmerjake at gmail.com

I first found this on Termux on AArch64 Android, but am able to
replicate on x86-64 Ubuntu 20.04.

running:
touch ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.txt
scp ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.txt jacob@192.168.1.141:

gives:
FORTIFY: vsnprintf: size 18446744073709551610 > SSIZE_MAX
Aborted

Afaict this is terminal-width-dependent: my terminal has $COLUMNS set
to 120; if I increase my terminal width to 205, then it completes
successfully.

Afaict this bug also occurs in sftp; I was able to crash it by running
the corresponding `put` command from interactive sftp.

I was able to reproduce the scp bug on Ubuntu 20.04.5 LTS on x86-64
where it apparently just prints garbage instead of aborting:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~�

Ubuntu's ssh version:
ssh -V
OpenSSH_8.2p1 Ubuntu-4ubuntu0.5, OpenSSL 1.1.1f  31 Mar 2020
Termux's ssh version:
OpenSSH_9.2p1, OpenSSL 3.0.7 1 Nov 2022

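Added example (not part of the bug report and not OpenSSH's code): a minimal C model of the failure class the report suspects, an unsigned "space remaining" subtraction that wraps, next to a clamped form and a formatter that shrinks the file name to fit. The function names, the 1 byte == 1 column assumption and the sample numbers are constructed for illustration; with a 64-bit size_t, 120 - 126 wraps to 18446744073709551610, the size shown in the FORTIFY message.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Unchecked: size_t subtraction wraps to a huge value when used > cap. */
static size_t remaining_unchecked(size_t cap, size_t used)
{
    return cap - used;
}

/* Checked: clamps to 0 when nothing is left. */
static size_t remaining_checked(size_t cap, size_t used)
{
    return used < cap ? cap - used : 0;
}

/*
 * Hypothetical progress-line formatter (assumes 1 byte == 1 column).
 * The stats field is always printed; only the file name shrinks to fit.
 * Returns the number of bytes stored in out, excluding the NUL.
 */
static size_t format_line(char *out, size_t cap, size_t cols,
    const char *name, const char *stats)
{
    size_t name_cols, used;
    int n;

    if (cap == 0)
        return 0;
    name_cols = remaining_checked(cols, strlen(stats));
    if (name_cols > cap - 1)
        name_cols = cap - 1;            /* leave room for the NUL */
    n = snprintf(out, cap, "%-*.*s", (int)name_cols, (int)name_cols, name);
    used = n > 0 ? (size_t)n : 0;       /* n <= cap - 1 by construction */
    snprintf(out + used, remaining_checked(cap, used), "%s", stats);
    return strlen(out);
}

int main(void)
{
    char line[128];

    /* Constructed values: 6 more bytes used than the buffer holds. */
    printf("unchecked: %zu\n", remaining_unchecked(120, 126));
    printf("checked:   %zu\n", remaining_checked(120, 126));
    format_line(line, sizeof(line), 40,
        "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.txt", " 100% 12KB");
    printf("[%s]\n", line);
    return 0;
}
```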