[openssh-commits] [openssh] 03/03: upstream: during sftp uploads, avoid a condition where a failed write

git+noreply at mindrot.org git+noreply at mindrot.org
Tue Sep 30 10:58:46 AEST 2025 

This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit 2c504a74ed81d13c8198a89ed1040d0fc5f73129
Author: djm at openbsd.org <djm at openbsd.org>
AuthorDate: Tue Sep 30 00:10:42 2025 +0000

    upstream: during sftp uploads, avoid a condition where a failed write
    
    could be ignored if a subsequent write succeeded.
    
    This is unlikely but technically possible because sftp servers are
    allowed to reorder requests.
    
    Reported by Graziano Stefani, ok tb@
    
    OpenBSD-Commit-ID: 03904bce2c7f787223d01d7e1179fde15753eca3
---
 sftp-client.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/sftp-client.c b/sftp-client.c
index 911fbfee9..840170ab6 100644
--- a/sftp-client.c
+++ b/sftp-client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp-client.c,v 1.179 2025/09/15 05:17:37 djm Exp $ */
+/* $OpenBSD: sftp-client.c,v 1.180 2025/09/30 00:10:42 djm Exp $ */
 /*
  * Copyright (c) 2001-2004 Damien Miller <djm at openbsd.org>
  *
@@ -2032,7 +2032,7 @@ sftp_upload(struct sftp_conn *conn, const char *local_path,
     int fsync_flag, int inplace_flag)
 {
 	int r, local_fd;
-	u_int openmode, id, status = SSH2_FX_OK, reordered = 0;
+	u_int openmode, id, status = SSH2_FX_OK, status2, reordered = 0;
 	off_t offset, progress_counter;
 	u_char type, *handle, *data;
 	struct sshbuf *msg;
@@ -2170,9 +2170,11 @@ sftp_upload(struct sftp_conn *conn, const char *local_path,
 				fatal("Expected SSH2_FXP_STATUS(%d) packet, "
 				    "got %d", SSH2_FXP_STATUS, type);
 
-			if ((r = sshbuf_get_u32(msg, &status)) != 0)
+			if ((r = sshbuf_get_u32(msg, &status2)) != 0)
 				fatal_fr(r, "parse status");
-			debug3("SSH2_FXP_STATUS %u", status);
+			debug3("SSH2_FXP_STATUS %u", status2);
+			if (status2 != SSH2_FX_OK)
+				status = status2; /* remember errors */
 
 			/* Find the request in our queue */
 			if ((ack = request_find(&acks, rid)) == NULL)

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.

More information about the openssh-commits mailing list