bug in scp (OpenSSH)

Markus Friedl markus at openbsd.org
Thu Aug 30 21:15:19 EST 2001


On Thu, Aug 30, 2001 at 12:29:50PM +0200, Harald Koenig wrote:
> On Aug 29, Markus Friedl wrote:
> 
> > can you please try this:
> 
> well, this "fixes" (works around) the passwd leakage, but nothing more.
> 
> it still copies the file with wrong "contents" (all zeros now) and still 
> doesn't handle the I/O error correctly (which IMHO means it should 
> stop writing/copying like cp(1) and most other tools do).

this is the way rcp protocol works.

> > Index: scp.c
> > ===================================================================
> > RCS file: /home/markus/cvs/ssh/scp.c,v
> > retrieving revision 1.79
> > diff -U10 -r1.79 scp.c
> > --- scp.c	2001/08/06 19:47:05	1.79
> > +++ scp.c	2001/08/29 20:13:09
> > @@ -1004,20 +1004,21 @@
> >  		size = blksize;
> >  	else
> >  		size = blksize + (stb.st_blksize - blksize % stb.st_blksize) %
> >  		    stb.st_blksize;
> >  	if (bp->cnt >= size)
> >  		return (bp);
> >  	if (bp->buf == NULL)
> >  		bp->buf = xmalloc(size);
> >  	else
> >  		bp->buf = xrealloc(bp->buf, size);
> > +	memset(bp->buf, 0, size);
> >  	bp->cnt = size;
> >  	return (bp);
> >  }
> >  
> >  void
> >  lostconn(signo)
> >  	int signo;
> >  {
> >  	if (!iamremote)
> >  		write(STDERR_FILENO, "lost connection\n", 16);
> > 
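Review bot: the added `memset(bp->buf, 0, size);` sits after the early return `if (bp->cnt >= size) return (bp);`, so it only clears the buffer when it is first allocated or grown. A buffer reused through that early return still holds whatever the previous use left in it. If the intent is that a failed or short read never sends stale memory, clear the unread part of the buffer in the caller at the point where the read fails, instead of or in addition to clearing here. On the `xrealloc` branch the call also wipes the whole buffer rather than only the newly added tail, which is correct only if no caller expects existing contents to survive a resize; a short comment stating that would help. As the reply above points out, this changes what is sent on error (zeros) but leaves the error handling itself untouched.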
> 
> 
> Harald
> -- 
> All SCSI disks will from now on                     ___       _____
> be required to send an email notice                0--,|    /OOOOOOO\
> 24 hours prior to complete hardware failure!      <_/  /  /OOOOOOOOOOO\
>                                                     \  \/OOOOOOOOOOOOOOO\
>                                                       \ OOOOOOOOOOOOOOOOO|//
> Harald Koenig,                                         \/\/\/\/\/\/\/\/\/
> Inst.f.Theoret.Astrophysik                              //  /     \\  \
> koenig at tat.physik.uni-tuebingen.de                     ^^^^^       ^^^^^


