[Bug 2862] New: "void closefrom(int lowfd)" doesn't handle potential snprintf output truncation correctly
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Sun Apr 29 17:37:42 AEST 2018
https://bugzilla.mindrot.org/show_bug.cgi?id=2862
Bug ID: 2862
Summary: "void closefrom(int lowfd)" doesn't handle potential
snprintf output truncation correctly
Product: Portable OpenSSH
Version: 7.7p1
Hardware: amd64
OS: Linux
Status: NEW
Severity: minor
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
Reporter: greenrecyclebin at gmail.com
Created attachment 3145
--> https://bugzilla.mindrot.org/attachment.cgi?id=3145&action=edit
Fix check that snprintf succeeded and the output was not truncated
While researching why ssh closes file descriptors > STDERR_FILENO (i.e.
"$ ssh -F <(echo) host" fails with "Can't open user config file
/dev/fd/63: No such file or directory"), I noticed that "void
closefrom(int lowfd)" doesn't handle potential snprintf output
truncation correctly. I've attached a patch that fixes this issue.
A Google search for "closefrom.c,v 1.11" shows that this implementation
is widely reused, e.g. in tmux, or opendoas
(https://pi.duncano.de/git/opendoas/commit/01a8fd6567f520a5e8b0d6262f05c645f02e69a1.html#h2-0-79).
According to
https://github.com/openssh/openssh-portable/commit/d018b2e9c88f6669c68f3343dbbf53e6084e8ff7,
this implementation was adapted from the one included in sudo. However,
I wasn't able to find a release version of sudo
(https://www.sudo.ws/dist/OLD/) that contains "__unused static const
char rcsid[] = "$Sudo: closefrom.c,v 1.11 2006/08/17 15:26:54 millert
Exp $";". (Apparently, it must have existed some time between v1.6.8
and v1.6.9.)
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list