[Bug 2753] New: Access violation of a array in sftp

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Sat Aug 5 07:26:54 AEST 2017


https://bugzilla.mindrot.org/show_bug.cgi?id=2753

            Bug ID: 2753
           Summary: Access violation of a array in sftp
           Product: Portable OpenSSH
           Version: 7.5p1
          Hardware: amd64
                OS: All
            Status: NEW
          Severity: normal
          Priority: P5
         Component: sftp
          Assignee: unassigned-bugs at mindrot.org
          Reporter: yawang at microsoft.com

We found this issue when enable application verifier on windows. but we
believe this repros on other OS too.
when the command is: sftp myaccount at 127.0.0.1. optind+1 is 2, which is
not outside the valid index of argv.

2521                    file2 = argv[optind+1];


Suggested fixes:
                if(argc > optind + 1)
2521                    file2 = argv[optind+1];

-- 
You are receiving this mail because:
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list