https://bugzilla.mindrot.org/show_bug.cgi?id=3534
Bug ID: 3534
Summary: probable underflow calculating display width of file
name
Product: Portable OpenSSH
Version: -current
Hardware: amd64
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: scp
Assignee: [email protected]
Reporter: [email protected]
I first found this on Termux on AArch64 Android, but am able to
replicate on x86-64 Ubuntu 20.04.
running:
touch
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.txt
scp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.txt
[email protected]:
gives:
FORTIFY: vsnprintf: size 18446744073709551610 > SSIZE_MAX
Aborted
afaict this is terminal-width-dependent, my terminal has $COLUMNS set
to 120, if i increase my terminal width to 205, then it completes
successfully.
Afaict this bug also occurs in sftp, i was able to crash it by running
the corresponding `put` command from interactive sftp.
I was able to reproduce the scp bug on Ubuntu 20.04.5 LTS on x86-64
where it apparently just prints garbage instead of aborting:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~�
Ubuntu's ssh version:
ssh -V
OpenSSH_8.2p1 Ubuntu-4ubuntu0.5, OpenSSL 1.1.1f 31 Mar 2020
Termux's ssh version:
OpenSSH_9.2p1, OpenSSL 3.0.7 1 Nov 2022
--
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
[email protected]
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
