thr3ads.net - openssh bugs - [Bug 2753] New: Access violation of a array in sftp [Aug 2017]

If this information is useful, please help other people find it:
Share via:

bugzilla-daemon at bugzilla.mindrot.org

2017-Aug-04 21:26 UTC

[Bug 2753] New: Access violation of a array in sftp

https://bugzilla.mindrot.org/show_bug.cgi?id=2753

            Bug ID: 2753
           Summary: Access violation of a array in sftp
           Product: Portable OpenSSH
           Version: 7.5p1
          Hardware: amd64
                OS: All
            Status: NEW
          Severity: normal
          Priority: P5
         Component: sftp
          Assignee: unassigned-bugs at mindrot.org
          Reporter: yawang at microsoft.com

We found this issue when enable application verifier on windows. but we
believe this repros on other OS too.
when the command is: sftp myaccount at 127.0.0.1. optind+1 is 2, which is
not outside the valid index of argv.

2521                    file2 = argv[optind+1];


Suggested fixes:
                if(argc > optind + 1)
2521                    file2 = argv[optind+1];

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

bugzilla-daemon at bugzilla.mindrot.org

2017-Aug-11 03:58 UTC

head link

[Bug 2753] Access violation of a array in sftp

https://bugzilla.mindrot.org/show_bug.cgi?id=2753

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org
             Status|NEW                         |RESOLVED
         Resolution|---                         |INVALID

--- Comment #1 from Damien Miller <djm at mindrot.org> ---
I think the application verifier is incorrect here.

In this case, optind == argc-1, so file2 will be set to argv[argc].
argv[argc] is defined to be NULL by section 5.1.2.2.1 of the C
standard:

"argv[argc] shall be a null pointer."

http://iso-9899.info/n1570.html#5.1.2.2.1p2

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

bugzilla-daemon at bugzilla.mindrot.org

2018-Apr-06 02:26 UTC

head link

[Bug 2753] Access violation of a array in sftp

https://bugzilla.mindrot.org/show_bug.cgi?id=2753

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #2 from Damien Miller <djm at mindrot.org> ---
Close all resolved bugs after release of OpenSSH 7.7.

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

openssh bugs - Aug 2017 - [Bug 2753] New: Access violation of a array in sftp

[Bug 2753] New: Access violation of a array in sftp

[Bug 2753] Access violation of a array in sftp

[Bug 2753] Access violation of a array in sftp