[Bug 3970] New: sshbuf_load_fd() fail-fast size check is dead code for regular files

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Fri Jun 19 07:23:53 AEST 2026


https://bugzilla.mindrot.org/show_bug.cgi?id=3970

            Bug ID: 3970
           Summary: sshbuf_load_fd() fail-fast size check is dead code for
                    regular files
           Product: Portable OpenSSH
           Version: 10.3p1
          Hardware: All
                OS: All
            Status: NEW
          Severity: trivial
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: tessgauthier at microsoft.com

Created attachment 3966
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3966&action=edit
sshbuf_load_fd() patch

The file size check, st.st_size > SSHBUF_SIZE_MAX, is never reached
because (st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 evaluates to
false for regular files. Attached is a patch to use S_ISREG(st.st_mode)
instead.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list