bugzilla-daemon at bugzilla.mindrot.org
2011-Dec-07 19:03 UTC
[Bug 1956] New: sftp segfaults in parse_args() when argv[0] is NULL
https://bugzilla.mindrot.org/show_bug.cgi?id=1956

             Bug #: 1956
           Summary: sftp segfaults in parse_args() when argv[0] is NULL
    Classification: Unclassified
           Product: Portable OpenSSH
           Version: -current
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: sftp
        AssignedTo: unassigned-bugs at mindrot.org
        ReportedBy: imorgan at nas.nasa.gov


If sftp is built without libedit support, a segfault can occur in
parse_args() when argv[0] equals NULL. This can be triggered by entering
^L (followed by <enter>) on a blank line.

Connected to alex.
sftp> ^L
Segmentation fault (core dumped)

The backtrace from gdb shows:

#0  0x0000003af267c100 in strcasecmp () from /lib64/libc.so.6
#1  0x0000000000404dd2 in parse_args (conn=0x13fbc0c0, cmd=<value optimized out>, pwd=0x7fff330ac518, err_abort=0) at sftp.c:1145
#2  parse_dispatch_command (conn=0x13fbc0c0, cmd=<value optimized out>, pwd=0x7fff330ac518, err_abort=0) at sftp.c:1300
#3  0x0000000000406327 in interactive_loop (conn=0x13fbc0c0, file1=<value optimized out>, file2=<value optimized out>) at sftp.c:1990
#4  0x0000000000406913 in main (argc=<value optimized out>, argv=0x13fbc030) at sftp.c:2273
(gdb)

The problem appears to be that argv[0] is NULL, and there is no check for
this prior to the strcasecmp() call.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2011-Dec-10 20:46 UTC
[Bug 1956] sftp segfaults in parse_args() when argv[0] is NULL
https://bugzilla.mindrot.org/show_bug.cgi?id=1956

--- Comment #1 from Loganaden Velvindron <loganaden at gmail.com> 2011-12-11 07:46:51 EST ---
Created attachment 2117
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2117
return -1 when argv[0] is NULL instead of continuing further

When argv[0] is set to NULL, return -1. This fixes the segfault.

I'm still looking into what causes its value to be set to NULL.

Thanks to Eldergod Selven who allowed me to play with his iMac ;-)
bugzilla-daemon at bugzilla.mindrot.org
2011-Dec-15 09:07 UTC
[Bug 1956] sftp segfaults in parse_args() when argv[0] is NULL
https://bugzilla.mindrot.org/show_bug.cgi?id=1956

Loganaden Velvindron <loganaden at gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |loganaden at gmail.com

--- Comment #2 from Loganaden Velvindron <loganaden at gmail.com> 2011-12-15 20:07:30 EST ---
I can reproduce it with a small number of control characters, e.g. ^L, ^K, ^P.

If I mix them with alphabetic characters, it also segfaults, e.g. A^L, B^K.

In all the cases, argv[0] is NULL.
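The failure mode in the original report and in comment #2 is a NULL dereference: the command tokenizer hands parse_args() an argv whose first slot is NULL, and strcasecmp() is called on it without a check. The following is an added illustration written for this page; it is not sftp.c's code and not the patch attached to this bug. The tokenizer (tokenize_line) is a simplified stand-in that splits on isspace() bytes, so a line holding only ^L (\f) or ^K (\v) yields argc == 0 and argv[0] == NULL; that is an assumption made for the example, not an explanation of why sftp's own tokenizer produced a NULL argv[0] (the thread leaves the root cause open). The dispatcher is shown twice, once without the check (dispatch_unchecked, which mirrors the crash) and once rejecting an empty argv before any string comparison (dispatch_checked). All function and command names are hypothetical.

```c
/*
 * Added illustration of mindrot bug 1956, not OpenSSH code.
 * A makeargv()-style tokenizer that leaves argv[0] == NULL for a line of
 * only whitespace/control characters, beside a parse_args()-style
 * dispatcher with and without the guard that prevents the NULL deref.
 */
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

#define MAX_ARGS 16

/* Toy command table (hypothetical); the index doubles as the return value. */
static const char *commands[] = { "ls", "get", "put", "pwd", NULL };

/*
 * Split `line` on isspace() bytes (which includes \f = ^L and \v = ^K)
 * into argv[], NUL-terminating each token inside `buf` (a copy of line).
 * Returns argc and always sets argv[argc] = NULL, so an all-whitespace
 * line gives argc == 0 and argv[0] == NULL.
 */
static int tokenize_line(const char *line, char *buf, size_t buflen,
    char **argv, int max_args)
{
    int argc = 0;
    char *p;

    snprintf(buf, buflen, "%s", line);
    p = buf;
    while (argc < max_args - 1) {
        while (*p != '\0' && isspace((unsigned char)*p))
            p++;
        if (*p == '\0')
            break;
        argv[argc++] = p;
        while (*p != '\0' && !isspace((unsigned char)*p))
            p++;
        if (*p != '\0')
            *p++ = '\0';
    }
    argv[argc] = NULL;
    return argc;
}

/* Case-insensitive lookup of a command name; -1 if unknown. */
static int lookup_command(const char *name)
{
    for (int i = 0; commands[i] != NULL; i++)
        if (strcasecmp(name, commands[i]) == 0)
            return i;
    return -1;
}

/* Number of tokens a line produces; 0 means argv[0] would be NULL. */
static int line_argc(const char *line)
{
    char buf[256];
    char *argv[MAX_ARGS];

    return tokenize_line(line, buf, sizeof(buf), argv, MAX_ARGS);
}

/*
 * Unguarded dispatcher, shaped like the bug: for "\f\n" the tokenizer
 * returns argc == 0, argv[0] == NULL, and strcasecmp(NULL, ...) inside
 * lookup_command() faults. Only call this with a non-blank line.
 */
static int dispatch_unchecked(const char *line)
{
    char buf[256];
    char *argv[MAX_ARGS];

    (void)tokenize_line(line, buf, sizeof(buf), argv, MAX_ARGS);
    return lookup_command(argv[0]);   /* NULL dereference when argc == 0 */
}

/* Guarded dispatcher: an empty argv is treated as a blank line and gets -1. */
static int dispatch_checked(const char *line)
{
    char buf[256];
    char *argv[MAX_ARGS];
    int argc;

    argc = tokenize_line(line, buf, sizeof(buf), argv, MAX_ARGS);
    if (argc == 0 || argv[0] == NULL)
        return -1;
    return lookup_command(argv[0]);
}

int main(void)
{
    /* Constructed inputs: a normal command and the ^L-only line from the report. */
    const char *normal = "ls -l\n";
    const char *ctrl_l = "\f\n";

    printf("argc for \"^L\\n\": %d\n", line_argc(ctrl_l));
    printf("dispatch_checked(\"ls -l\")   = %d\n", dispatch_checked(normal));
    printf("dispatch_checked(\"^L\")      = %d\n", dispatch_checked(ctrl_l));
    /* dispatch_unchecked(ctrl_l) would segfault; only the good input is safe. */
    printf("dispatch_unchecked(\"ls -l\") = %d\n", dispatch_unchecked(normal));
    return 0;
}
```

The check belongs on the argc value the tokenizer returns (or equivalently on argv[0]) before any string function touches argv; checking argv[0] after strcasecmp() has already run is too late, and the same guard is what a reviewer should look for wherever a tokenizer may legitimately return zero tokens.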
bugzilla-daemon at bugzilla.mindrot.org
2012-Feb-24 00:33 UTC
[Bug 1956] sftp segfaults in parse_args() when argv[0] is NULL
https://bugzilla.mindrot.org/show_bug.cgi?id=1956

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org
             Blocks|                            |1986