Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 18 Jan 2002 00:56:21 -0800 (PST)
From:      Eugene Podkopaev <eugene@emetex.ru>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   misc/34019: sftp core dumped
Message-ID:  <200201180856.g0I8uLX23652@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 

>Number:         34019
>Category:       misc
>Synopsis:       sftp core dumped
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Jan 18 01:00:01 PST 2002
>Closed-Date:
>Last-Modified:
>Originator:     Eugene Podkopaev
>Release:        4.5-PRERELEASE
>Organization:
JSC EMETEX
>Environment:
FreeBSD selena 4.5-PRERELEASE FreeBSD 4.5-PRERELEASE #4: Tue Jan  8 13:07:29 MSK  2002     root@selena:/usr/obj/usr/src/sys/SELENA  i386
>Description:
sftp crashes when I try to upload nonexisting file.
>How-To-Repeat:
ssh_config:
   Host *
   Protocol 2,1

sshd_config:
   Port 22
   Protocol 2
   ListenAddress 192.168.0.1
   ListenAddress 195.2.80.100
   HostKey /etc/ssh/ssh_host_key
   HostKey /etc/ssh/ssh_host_dsa_key
   ServerKeyBits 768
   LoginGraceTime 120
   KeyRegenerationInterval 3600
   PermitRootLogin yes
   MaxStartups 10:30:60
   IgnoreRhosts yes
   RhostsRSAAuthentication
   StrictModes yes
   X11Forwarding yes
   X11DisplayOffset 10
   PrintMotd yes
   KeepAlive yes
   SyslogFacility AUTH
   LogLevel INFO
   RhostsAuthentication no
   RhostsRSAAuthentication no
   HostbasedAuthentication no
   RSAAuthentication yes
   PasswordAuthentication no
   PermitEmptyPasswords no
   CheckMail no
   Subsystem	sftp	/usr/libexec/sftp-server

How to repeat:

# sftp selena.emetex.ru
Connecting to selena.emetex.ru...
sftp> put nonexisting
Segmentation fault (core dumped)
#

>Fix:
Patch:

--- crypto/openssh/sftp-int.c.orig	Fri Jan 18 11:36:22 2002
+++ crypto/openssh/sftp-int.c	Fri Jan 18 11:49:18 2002
@@ -436,7 +436,7 @@
 
 	memset(&g, 0, sizeof(g));
 	debug3("Looking up %s", src);
-	if (glob(src, 0, NULL, &g)) {
+	if (glob(src, 0, NULL, &g) || !g.gl_pathc) {
 		error("File \"%s\" not found.", src);
 		err = -1;
 		goto out;

>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200201180856.g0I8uLX23652>