bugzilla-daemon at mindrot.org
2014-Apr-29 08:35 UTC
[Bug 2238] New: sftp exits on bad tab completion
https://bugzilla.mindrot.org/show_bug.cgi?id=2238
Bug ID: 2238
Summary: sftp exits on bad tab completion
Product: Portable OpenSSH
Version: 6.6p1
Hardware: All
OS: OpenBSD
Status: NEW
Severity: minor
Priority: P5
Component: sftp
Assignee: unassigned-bugs at mindrot.org
Reporter: anthony at cathet.us
Enter a nonexistent filename ending with ' and press tab.
sftp will exit with "el_insertstr failed."
E.g.,
sftp> get /us'
next, hit tab
result:
sftp> get /us'el_insertstr failed.
$
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2014-Apr-29 08:37 UTC
[Bug 2238] sftp exits on bad tab completion
https://bugzilla.mindrot.org/show_bug.cgi?id=2238
Anthony J. Bentley <anthony at cathet.us> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |anthony at cathet.us
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2014-Apr-29 15:17 UTC
[Bug 2238] sftp exits on bad tab completion
https://bugzilla.mindrot.org/show_bug.cgi?id=2238
Darren Tucker <dtucker at zip.com.au> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |dtucker at zip.com.au
--- Comment #1 from Darren Tucker <dtucker at zip.com.au> ---
Which version of OpenBSD is this, and are you using the native openssh
or -portable compiled for it?
I can reproduce on openbsd 5.4. I can't reproduce on openbsd-current
with either the native sftp or -portable, nor on Linux with
libedit-20130712-3.1. I suspect it's a libedit bug.
If I stick an abort() into the fatal function here's where it's
failing:
sftp> get /us'el_insertstr failed.
Program received signal SIGABRT, Aborted.
0x03e6443d in kill () at <stdin>:2
2 <stdin>: No such file or directory.
in <stdin>
Current language: auto; currently asm
(gdb) bt
#0 0x03e6443d in kill () at <stdin>:2
#1 0x03ece9d6 in raise (s=6) at /usr/src/lib/libc/gen/raise.c:39
#2 0x03ece8fc in abort () at /usr/src/lib/libc/stdlib/abort.c:70
#3 0x163168ff in fatal (fmt=Could not find the frame base for
"fatal".
) at fatal.c:44
#4 0x1630fd42 in complete (el=0x7cad9000, ch=9) at sftp.c:1914
#5 0x0cdece27 in el_wgets (el=0x7cad9000, nread=0xcfbca410) at
read.c:612
#6 0x0cded25d in el_gets (el=0x7cad9000, nread=0xcfbca410) at eln.c:78
#7 0x1630e204 in interactive_loop (conn=0x788c3a00, file1=0x0,
file2=0x0)
at sftp.c:2097
#8 0x1630eeb2 in main (argc=2, argv=0xcfbcad2c) at sftp.c:2410
(gdb) frame 7
#7 0x1630e204 in interactive_loop (conn=0x788c3a00, file1=0x0,
file2=0x0)
at sftp.c:2097
2097 if ((line = el_gets(el, &count)) =NULL ||
Current language: auto; currently c
(gdb) list
2092 } else {
2093 #ifdef USE_LIBEDIT
2094 const char *line;
2095 int count = 0;
2096
2097 if ((line = el_gets(el, &count)) =NULL ||
2098 count <= 0) {
2099 printf("\n");
2100 break;
2101 }
(gdb) bt
#0 0x03e6443d in kill () at <stdin>:2
#1 0x03ece9d6 in raise (s=6) at /usr/src/lib/libc/gen/raise.c:39
#2 0x03ece8fc in abort () at /usr/src/lib/libc/stdlib/abort.c:70
#3 0x163168ff in fatal (fmt=Could not find the frame base for
"fatal".
) at fatal.c:44
#4 0x1630fd42 in complete (el=0x7cad9000, ch=9) at sftp.c:1914
#5 0x0cdece27 in el_wgets (el=0x7cad9000, nread=0xcfbca410) at
read.c:612
#6 0x0cded25d in el_gets (el=0x7cad9000, nread=0xcfbca410) at eln.c:78
#7 0x1630e204 in interactive_loop (conn=0x788c3a00, file1=0x0,
file2=0x0)
at sftp.c:2097
#8 0x1630eeb2 in main (argc=2, argv=0xcfbcad2c) at sftp.c:2410
(gdb) frame 4
#4 0x1630fd42 in complete (el=0x7cad9000, ch=9) at sftp.c:1914
1914 fatal("el_insertstr failed.");
(gdb) list
1909 if (*(lf->cursor - 1) != '/' &&
1910 (lastarg || *(lf->cursor) != ' '))
1911 ins[i++] = ' ';
1912 ins[i] = '\0';
1913 if (i > 0 && el_insertstr(el, ins) == -1)
1914 fatal("el_insertstr failed.");
1915 }
1916 free(tmp);
1917
1918 out:
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2014-Apr-29 15:36 UTC
[Bug 2238] sftp exits on bad tab completion
https://bugzilla.mindrot.org/show_bug.cgi?id=2238 --- Comment #2 from Darren Tucker <dtucker at zip.com.au> --- disregard the "cannot reproduce" bits, that was due to a local .editrc turning off editing, a leftover from the last editline bug I looked at. -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2014-Apr-29 17:51 UTC
[Bug 2238] sftp exits on bad tab completion
https://bugzilla.mindrot.org/show_bug.cgi?id=2238
Darren Tucker <dtucker at zip.com.au> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #2433| |ok?(djm at mindrot.org)
Flags| |
CC| |djm at mindrot.org
--- Comment #3 from Darren Tucker <dtucker at zip.com.au> ---
Created attachment 2433
--> https://bugzilla.mindrot.org/attachment.cgi?id=2433&action=edit
only append quote character if non-nul
Please try this patch.
I think I figured it out: the string is considered unterminated
(because there's an unbalanced number of quotes, but the string isn't
considered quoted (because it doesn't start with a quote). In this
case, sftp appends the "quote" character (which happens to be nul)
then
tries calls editline to append this nul string to the line, which
fails.
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2014-Apr-29 17:51 UTC
[Bug 2238] sftp exits on bad tab completion
https://bugzilla.mindrot.org/show_bug.cgi?id=2238
Darren Tucker <dtucker at zip.com.au> changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks| |2226
OS|OpenBSD |All
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2014-Apr-29 22:57 UTC
[Bug 2238] sftp exits on bad tab completion
https://bugzilla.mindrot.org/show_bug.cgi?id=2238
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #2433|ok?(djm at mindrot.org) |ok+
Flags| |
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2014-Apr-29 23:14 UTC
[Bug 2238] sftp exits on bad tab completion
https://bugzilla.mindrot.org/show_bug.cgi?id=2238
Darren Tucker <dtucker at zip.com.au> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |FIXED
--- Comment #4 from Darren Tucker <dtucker at zip.com.au> ---
Patch committed and will be in 6.7.
Thanks for the report.
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2014-Oct-07 21:00 UTC
[Bug 2238] sftp exits on bad tab completion
https://bugzilla.mindrot.org/show_bug.cgi?id=2238
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED
--- Comment #5 from Damien Miller <djm at mindrot.org> ---
Close all bugs left open from 6.6 and 6.7 releases.
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
Possibly Parallel Threads
- [Bug 1990] sftp segfaults when tab-completing a directory which contains umlauts
- [Bug 1990] sftp segfaults when tab-completing a directory which contains umlauts
- ISDN PBX + IVR + Voicemail Configuration - Sanity Check ...
- [klibc:update-dash] input: Fix here-document redirection with vi/emacs on
- [klibc:update-dash] dash: input: Fix here-document redirection with vi/emacs on