bug in scp (OpenSSH)

Markus Friedl markus at openbsd.org
Thu Aug 30 06:23:42 EST 2001


can you please try this:

Index: scp.c
===================================================================
RCS file: /home/markus/cvs/ssh/scp.c,v
retrieving revision 1.79
diff -U10 -r1.79 scp.c
--- scp.c	2001/08/06 19:47:05	1.79
+++ scp.c	2001/08/29 20:13:09
@@ -1004,20 +1004,21 @@
 		size = blksize;
 	else
 		size = blksize + (stb.st_blksize - blksize % stb.st_blksize) %
 		    stb.st_blksize;
 	if (bp->cnt >= size)
 		return (bp);
 	if (bp->buf == NULL)
 		bp->buf = xmalloc(size);
 	else
 		bp->buf = xrealloc(bp->buf, size);
+	memset(bp->buf, 0, size);
 	bp->cnt = size;
 	return (bp);
 }
 
 void
 lostconn(signo)
 	int signo;
 {
 	if (!iamremote)
 		write(STDERR_FILENO, "lost connection\n", 16);
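Review bot: The added memset sits after the early return `if (bp->cnt >= size) return (bp);`, so it only runs when the buffer is first allocated or grown; a buffer that is already large enough is handed back with whatever its previous use left in it. If the goal is that a failed read can never send stale memory to the remote side, clear the buffer before that early return as well, or zero the block at the point where the read reports the error, since that is where the unfilled bytes come from. In the xrealloc branch the memset also wipes the bp->cnt bytes that xrealloc just preserved; if that is intended, a one-line comment saying the old contents are not needed would help.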

On Wed, Aug 29, 2001 at 11:16:35AM +0200, Harald Koenig wrote:
> Hi,
> 
> using both OpenSSH_2.5.1p1 (compiled myself) and openssh-2.9p1-23.i386.rpm 
> from ftp.suse.com 7.2_update I get the following "leak" :
> 
> 
> using `scp' I tried to copy a file from a local floppy disk to a
> remote system, but the disk had a read error and scp didn't get
> any real data from floppy:
> 
>         turtle koenig > scp /media/floppy/file.c
>         harald:file.c
>         koenig at harald's password:
>         file.c            0% |                             |            0       00:01
> ==>        /media/floppy/file.c: Input/output error
>         turtle koenig > ssh -V
>         OpenSSH_2.5.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090600f
> 
> note the "Input/output error"!
> 
> unlike with normal `cp', the copied file size wasn't 0 bytes but the regular
> size of the original file (7988 bytes) and the remote file was filled
> with "binary trash".
> 
> BAD: this "binary trash" contained 8 copies of the passwd entry line for my
> account including the encrypted password (we're using NIS) and
> internal phone number.  
> 
> I don't like to copy my (crypted) password to remote sites, do you ???
> 
> 
> 
> Harald
> -- 
> All SCSI disks will from now on                     ___       _____
> be required to send an email notice                0--,|    /OOOOOOO\
> 24 hours prior to complete hardware failure!      <_/  /  /OOOOOOOOOOO\
>                                                     \  \/OOOOOOOOOOOOOOO\
>                                                       \ OOOOOOOOOOOOOOOOO|//
> Harald Koenig,                                         \/\/\/\/\/\/\/\/\/
> Inst.f.Theoret.Astrophysik                              //  /     \\  \
> koenig at tat.physik.uni-tuebingen.de                     ^^^^^       ^^^^^


