Hi,
using both OpenSSH_2.5.1p1 (compiled myself) and openssh-2.9p1-23.i386.rpm
from ftp.suse.com 7.2_update I get the following "leak" :
using `scp' I tried to copy a file from a local floppy disk to a
remote system, but the disk had an read error and scp didn't get
any real data from floppy:
turtle koenig > scp /media/floppy/file.c
harald:file.c
koenig at harald's password:
file.c 0% | | 0
00:01
==> /media/floppy/file.c: Input/output error
turtle koenig > ssh -V
OpenSSH_2.5.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090600f
note the "Input/output error"!
unlike with normal `cp', the copied file size wasn't 0 bytes but the
regular
size of the original file (7988 bytes) and the remote file was filled
with "binary trash".
BAD: this "binary trash" contained 8 copies of the passwd entry line
for my
account including the encrypted password (we're using NIS) and
internal phone number.
I don't like to copy my (crypted) password to remote sites, do you ???
Harald
--
All SCSI disks will from now on ___ _____
be required to send an email notice 0--,| /OOOOOOO\
24 hours prior to complete hardware failure! <_/ / /OOOOOOOOOOO\
\ \/OOOOOOOOOOOOOOO\
\ OOOOOOOOOOOOOOOOO|//
Harald Koenig, \/\/\/\/\/\/\/\/\/
Inst.f.Theoret.Astrophysik // / \\ \
koenig at tat.physik.uni-tuebingen.de ^^^^^ ^^^^^
can you please try this:
Index: scp.c
==================================================================RCS file:
/home/markus/cvs/ssh/scp.c,v
retrieving revision 1.79
diff -U10 -r1.79 scp.c
--- scp.c 2001/08/06 19:47:05 1.79
+++ scp.c 2001/08/29 20:13:09
@@ -1004,20 +1004,21 @@
size = blksize;
else
size = blksize + (stb.st_blksize - blksize % stb.st_blksize) %
stb.st_blksize;
if (bp->cnt >= size)
return (bp);
if (bp->buf == NULL)
bp->buf = xmalloc(size);
else
bp->buf = xrealloc(bp->buf, size);
+ memset(bp->buf, 0, size);
bp->cnt = size;
return (bp);
}
void
lostconn(signo)
int signo;
{
if (!iamremote)
write(STDERR_FILENO, "lost connection\n", 16);
On Wed, Aug 29, 2001 at 11:16:35AM +0200, Harald Koenig
wrote:> Hi,
>
> using both OpenSSH_2.5.1p1 (compiled myself) and openssh-2.9p1-23.i386.rpm
> from ftp.suse.com 7.2_update I get the following "leak" :
>
>
> using `scp' I tried to copy a file from a local floppy disk to a
> remote system, but the disk had an read error and scp didn't get
> any real data from floppy:
>
> turtle koenig > scp /media/floppy/file.c
> harald:file.c
> koenig at harald's password:
> file.c 0% | | 0
00:01
> ==> /media/floppy/file.c: Input/output error
> turtle koenig > ssh -V
> OpenSSH_2.5.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090600f
>
> note the "Input/output error"!
>
> unlike with normal `cp', the copied file size wasn't 0 bytes but
the regular
> size of the original file (7988 bytes) and the remote file was filled
> with "binary trash".
>
> BAD: this "binary trash" contained 8 copies of the passwd entry
line for my
> account including the encrypted password (we're using NIS) and
> internal phone number.
>
> I don't like to copy my (crypted) password to remote sites, do you ???
>
>
>
> Harald
> --
> All SCSI disks will from now on ___ _____
> be required to send an email notice 0--,| /OOOOOOO\
> 24 hours prior to complete hardware failure! <_/ / /OOOOOOOOOOO\
> \ \/OOOOOOOOOOOOOOO\
> \
OOOOOOOOOOOOOOOOO|//
> Harald Koenig, \/\/\/\/\/\/\/\/\/
> Inst.f.Theoret.Astrophysik // / \\ \
> koenig at tat.physik.uni-tuebingen.de ^^^^^ ^^^^^