[openssh-commits] [openssh] branch master updated (36857fef -> a061792a)

git+noreply at mindrot.org git+noreply at mindrot.org
Thu Jul 14 19:23:46 AEST 2022 

This is an automated email from the git hooks/post-receive script.

dtucker pushed a change to branch master
in repository openssh.

      from  36857fef  Split README.platform into its own line.
       new  527cb43f  Return ERANGE from getcwd() if buffer size is 1.
       new  a061792a  Remove unintended changes.

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.


Detailed log of new commits:

commit a061792a6e8d235fc40a9b5d4c22a1762bb75a7b
Author: Darren Tucker <dtucker at dtucker.net>
Date:   Thu Jul 14 19:20:24 2022 +1000

    Remove unintended changes.
    
    I inadvertently included a couple of local changes with the OpenSSL
    3.0.4 change.  Revert, anything that should be there will be committed
    separately.

commit 527cb43fa1b4e55df661feabbac51b8e608b6519
Author: Darren Tucker <dtucker at dtucker.net>
Date:   Thu Jul 14 11:22:08 2022 +1000

    Return ERANGE from getcwd() if buffer size is 1.
    
    If getcwd() is supplied a buffer size of exactly 1 and a path of "/", it
    could result in a nul byte being written out of array bounds.  POSIX says
    it should return ERANGE if the path will not fit in the available buffer
    (with terminating nul). 1 byte cannot fit any possible path with its nul,
    so immediately return ERANGE in that case.
    
    OpenSSH never uses getcwd() with this buffer size, and all current
    (and even quite old) platforms that we are currently known to work
    on have a native getcwd() so this code is not used on those anyway.
    Reported by Qualys, ok djm@

Summary of changes:
 openbsd-compat/getcwd.c |  5 ++++-
 regress/keyscan.sh      | 13 -------------
 sftp-server-main.c      |  2 ++
 3 files changed, 6 insertions(+), 14 deletions(-)

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.

More information about the openssh-commits mailing list