bug in scp (OpenSSH)
Markus Friedl
markus at openbsd.org
Thu Aug 30 21:15:19 EST 2001
On Thu, Aug 30, 2001 at 12:29:50PM +0200, Harald Koenig wrote:
> On Aug 29, Markus Friedl wrote:
>
> > can you please try this:
>
> well, this "fixes" (works around) the passwd leakage, but nothing more.
>
> it still copies the file with wrong "contents" (all zeros now) and still
> doesn't handle the I/O error correctly (which IMHO means it should
> stop writing/copying like cp(1) and most other tools do).
this is the way rcp protocol works.
> > Index: scp.c
> > ===================================================================
> > RCS file: /home/markus/cvs/ssh/scp.c,v
> > retrieving revision 1.79
> > diff -U10 -r1.79 scp.c
> > --- scp.c 2001/08/06 19:47:05 1.79
> > +++ scp.c 2001/08/29 20:13:09
> > @@ -1004,20 +1004,21 @@
> > size = blksize;
> > else
> > size = blksize + (stb.st_blksize - blksize % stb.st_blksize) %
> > stb.st_blksize;
> > if (bp->cnt >= size)
> > return (bp);
> > if (bp->buf == NULL)
> > bp->buf = xmalloc(size);
> > else
> > bp->buf = xrealloc(bp->buf, size);
> > + memset(bp->buf, 0, size);
> > bp->cnt = size;
> > return (bp);
> > }
> >
> > void
> > lostconn(signo)
> > int signo;
> > {
> > if (!iamremote)
> > write(STDERR_FILENO, "lost connection\n", 16);
> >
>
>
> Harald
> --
> All SCSI disks will from now on ___ _____
> be required to send an email notice 0--,| /OOOOOOO\
> 24 hours prior to complete hardware failure! <_/ / /OOOOOOOOOOO\
> \ \/OOOOOOOOOOOOOOO\
> \ OOOOOOOOOOOOOOOOO|//
> Harald Koenig, \/\/\/\/\/\/\/\/\/
> Inst.f.Theoret.Astrophysik // / \\ \
> koenig at tat.physik.uni-tuebingen.de ^^^^^ ^^^^^
More information about the openssh-unix-dev
mailing list