tyler.durden/openssh-portable
1
0
Fork 0
mirror of https://github.com/PowerShell/openssh-portable.git synced 2025-07-27 07:44:29 +02:00
Code Issues Packages Projects Releases Wiki Activity

- djm@cvs.openbsd.org 2014/06/24 02:21:01

Browse Source 
[scp.c]
     when copying local->remote fails during read, don't send uninitialised
     heap to the remote end. Reported by Jann Horn
This commit is contained in:
Damien Miller 2014-07-02 15:29:01 +10:00
parent 19439e9a2a
commit 1845fe6bda
2 changed files with 11 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ChangeLog
View File

@ -50,6 +50,10 @@
ProxyCommand in use; continue and allow the ProxyCommand to ProxyCommand in use; continue and allow the ProxyCommand to
connect anyway (e.g. to a host with a name outside the DNS connect anyway (e.g. to a host with a name outside the DNS
behind a bastion) behind a bastion)
- djm@cvs.openbsd.org 2014/06/24 02:21:01
[scp.c]
when copying local->remote fails during read, don't send uninitialised
heap to the remote end. Reported by Jann Horn
20140618 20140618
- (tim) [openssh/session.c] Work around to get chroot sftp working on UnixWare - (tim) [openssh/session.c] Work around to get chroot sftp working on UnixWare

10
scp.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: scp.c,v 1.179 2013/11/20 20:53:10 deraadt Exp $ */ /* $OpenBSD: scp.c,v 1.180 2014/06/24 02:21:01 djm Exp $ */
/* /*
* scp - secure remote copy. This is basically patched BSD rcp which * scp - secure remote copy. This is basically patched BSD rcp which
* uses ssh to do the data transfer (instead of using rcmd). * uses ssh to do the data transfer (instead of using rcmd).
@ -747,7 +747,7 @@ source(int argc, char **argv)
static BUF buffer; static BUF buffer;
BUF *bp; BUF *bp;
off_t i, statbytes; off_t i, statbytes;
size_t amt; size_t amt, nr;
int fd = -1, haderr, indx; int fd = -1, haderr, indx;
char *last, *name, buf[2048], encname[MAXPATHLEN]; char *last, *name, buf[2048], encname[MAXPATHLEN];
int len; int len;
@ -820,12 +820,16 @@ next: if (fd != -1) {
if (i + (off_t)amt > stb.st_size) if (i + (off_t)amt > stb.st_size)
amt = stb.st_size - i; amt = stb.st_size - i;
if (!haderr) { if (!haderr) {
if (atomicio(read, fd, bp->buf, amt) != amt) if ((nr = atomicio(read, fd,
bp->buf, amt)) != amt) {
haderr = errno; haderr = errno;
memset(bp->buf + nr, 0, amt - nr);
}
} }
/* Keep writing after error to retain sync */ /* Keep writing after error to retain sync */
if (haderr) { if (haderr) {
(void)atomicio(vwrite, remout, bp->buf, amt); (void)atomicio(vwrite, remout, bp->buf, amt);
memset(bp->buf, 0, amt);
continue; continue;
} }
if (atomicio6(vwrite, remout, bp->buf, amt, scpio, if (atomicio6(vwrite, remout, bp->buf, amt, scpio,