bug in scp (OpenSSH)
Harald Koenig
koenig at tat.physik.uni-tuebingen.de
Thu Aug 30 20:29:50 EST 2001
On Aug 29, Markus Friedl wrote:
> can you please try this:
well, this "fixes" (works around) the passwd leakage, but nothing more.
it still copies the file with wrong "contents" (all zeros now) and still
doesn't handle the I/O error correctly (which IMHO means it should
stop writing/copying like cp(1) and most other tools do).
> Index: scp.c
> ===================================================================
> RCS file: /home/markus/cvs/ssh/scp.c,v
> retrieving revision 1.79
> diff -U10 -r1.79 scp.c
> --- scp.c 2001/08/06 19:47:05 1.79
> +++ scp.c 2001/08/29 20:13:09
> @@ -1004,20 +1004,21 @@
> size = blksize;
> else
> size = blksize + (stb.st_blksize - blksize % stb.st_blksize) %
> stb.st_blksize;
> if (bp->cnt >= size)
> return (bp);
> if (bp->buf == NULL)
> bp->buf = xmalloc(size);
> else
> bp->buf = xrealloc(bp->buf, size);
> + memset(bp->buf, 0, size);
> bp->cnt = size;
> return (bp);
> }
>
> void
> lostconn(signo)
> int signo;
> {
> if (!iamremote)
> write(STDERR_FILENO, "lost connection\n", 16);
>
Harald
--
All SCSI disks will from now on ___ _____
be required to send an email notice 0--,| /OOOOOOO\
24 hours prior to complete hardware failure! <_/ / /OOOOOOOOOOO\
\ \/OOOOOOOOOOOOOOO\
\ OOOOOOOOOOOOOOOOO|//
Harald Koenig, \/\/\/\/\/\/\/\/\/
Inst.f.Theoret.Astrophysik // / \\ \
koenig at tat.physik.uni-tuebingen.de ^^^^^ ^^^^^
More information about the openssh-unix-dev
mailing list