[Bug 3970] New: sshbuf_load_fd() fail-fast size check is dead code for regular files
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Fri Jun 19 07:23:53 AEST 2026
https://bugzilla.mindrot.org/show_bug.cgi?id=3970
Bug ID: 3970
Summary: sshbuf_load_fd() fail-fast size check is dead code for
regular files
Product: Portable OpenSSH
Version: 10.3p1
Hardware: All
OS: All
Status: NEW
Severity: trivial
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
Reporter: tessgauthier at microsoft.com
Created attachment 3966
--> https://bugzilla.mindrot.org/attachment.cgi?id=3966&action=edit
sshbuf_load_fd() patch
The file size check, st.st_size > SSHBUF_SIZE_MAX, is never reached
because (st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 evaluates to
false for regular files. Attached is a patch to use S_ISREG(st.st_mode)
instead.
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list