mirror of
git://anongit.mindrot.org/openssh.git
synced 2025-01-03 08:12:05 +00:00
- djm@cvs.openbsd.org 2014/06/24 02:21:01
[scp.c] when copying local->remote fails during read, don't send uninitialised heap to the remote end. Reported by Jann Horn
This commit is contained in:
parent
19439e9a2a
commit
1845fe6bda
@ -50,6 +50,10 @@
|
||||
ProxyCommand in use; continue and allow the ProxyCommand to
|
||||
connect anyway (e.g. to a host with a name outside the DNS
|
||||
behind a bastion)
|
||||
- djm@cvs.openbsd.org 2014/06/24 02:21:01
|
||||
[scp.c]
|
||||
when copying local->remote fails during read, don't send uninitialised
|
||||
heap to the remote end. Reported by Jann Horn
|
||||
|
||||
20140618
|
||||
- (tim) [openssh/session.c] Work around to get chroot sftp working on UnixWare
|
||||
|
10
scp.c
10
scp.c
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: scp.c,v 1.179 2013/11/20 20:53:10 deraadt Exp $ */
|
||||
/* $OpenBSD: scp.c,v 1.180 2014/06/24 02:21:01 djm Exp $ */
|
||||
/*
|
||||
* scp - secure remote copy. This is basically patched BSD rcp which
|
||||
* uses ssh to do the data transfer (instead of using rcmd).
|
||||
@ -747,7 +747,7 @@ source(int argc, char **argv)
|
||||
static BUF buffer;
|
||||
BUF *bp;
|
||||
off_t i, statbytes;
|
||||
size_t amt;
|
||||
size_t amt, nr;
|
||||
int fd = -1, haderr, indx;
|
||||
char *last, *name, buf[2048], encname[MAXPATHLEN];
|
||||
int len;
|
||||
@ -820,12 +820,16 @@ next: if (fd != -1) {
|
||||
if (i + (off_t)amt > stb.st_size)
|
||||
amt = stb.st_size - i;
|
||||
if (!haderr) {
|
||||
if (atomicio(read, fd, bp->buf, amt) != amt)
|
||||
if ((nr = atomicio(read, fd,
|
||||
bp->buf, amt)) != amt) {
|
||||
haderr = errno;
|
||||
memset(bp->buf + nr, 0, amt - nr);
|
||||
}
|
||||
}
|
||||
/* Keep writing after error to retain sync */
|
||||
if (haderr) {
|
||||
(void)atomicio(vwrite, remout, bp->buf, amt);
|
||||
memset(bp->buf, 0, amt);
|
||||
continue;
|
||||
}
|
||||
if (atomicio6(vwrite, remout, bp->buf, amt, scpio,
|
||||
|
Loading…
Reference in New Issue
Block a user