On Tue, 13 Dec 2022, Chris Rapier wrote:

> Ah, I was missing that it was bringing in those values from sftp-client.h.
>
> A couple of things
>
> > +++ b/scp.c
> > @@ -96,6 +96,7 @@
> > #include <time.h>
> > #include <unistd.h>
> > #include <limits.h>
> > +#include <util.h>
> > #include <vis.h>
>
> Is util.h a BSD library? My linux distro doesn't seem to have it. I did find
> it in FreeBSD but it doesn't seem necessary in linux unless it's a security
> feature.

Yes, libutil is a BSD library. It's included in libopenbsd-compat for
portable OpenSSH.

> > + case 'X':
> > + /* Please keep in sync with sftp.c -X */
> > + if (strncmp(optarg, "buffer=", 7) == 0) {
> > + r = scan_scaled(optarg + 7, &llv);
> > + if (r == 0 && (llv <= 0 || llv > 256 * 1024))
> > {
> > + r = -1;
> > + errno = EINVAL;
>
> It seems that 256 * 1024 is too large here.
>
> "./scp -Xbuffer=262144 ~/50GB kilo:~
> scp: Outbound message too long 262169"

so don't do that :) I'm only trying to stop the user wasting so much memory
as to cause problems for the system here.

-d

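
Review bot: The upper bound in `llv > 256 * 1024` (the `case 'X'` hunk in scp.c) accepts a value that the transfer then rejects: the run quoted in this thread with -Xbuffer=262144 passes this check and fails with "Outbound message too long 262169". Consider capping the buffer far enough below the outbound message limit to leave room for the per-request overhead (25 bytes in that run), so an oversized value is refused at option parsing with EINVAL instead of surfacing later as a protocol error. The literal 7 in `strncmp(optarg, "buffer=", 7)` and `optarg + 7` would also be less fragile as a length derived from the option string.
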
On 12/13/22 3:15 PM, Damien Miller wrote:

> On Tue, 13 Dec 2022, Chris Rapier wrote:
>
>> Ah, I was missing that it was bringing in those values from sftp-client.h.
>>
>> A couple of things
>>
>>> +++ b/scp.c
>>> @@ -96,6 +96,7 @@
>>> #include <time.h>
>>> #include <unistd.h>
>>> #include <limits.h>
>>> +#include <util.h>
>>> #include <vis.h>
>>
>> Is util.h a BSD library? My linux distro doesn't seem to have it. I did find
>> it in FreeBSD but it doesn't seem necessary in linux unless it's a security
>> feature.
>
> Yes, libutil is a BSD library. It's included in libopenbsd-compat for
> portable OpenSSH.

I'm not seeing it in V_9_1_P1. The only place it's referenced is in
bsd-openpty.c and there it's wrapped in ifdefs. It being elided out doesn't
seem to have an impact but I'm not sure of the purpose in this context.

>> It seems that 256 * 1024 is too large here.
>>
>> "./scp -Xbuffer=262144 ~/50GB kilo:~
>> scp: Outbound message too long 262169"
>
> so don't do that :) I'm only trying to stop the user wasting so much memory
> as to cause problems for the system here.

Ha! I might modify that a bit for hpnssh but ya know, different audiences. I
know I'm going to get some 'poweruser' who is going to try pushing that as far
as they can and then sending me a bug report :)

(and the irony of that is not lost on me)

Chris
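
Review bot: The `+#include <util.h>` line in the scp.c include hunk is unconditional, and the thread reports that the header is missing on a Linux system and that bsd-openpty.c only includes it inside ifdefs. Guard this include the same way for the portable tree, and add a short comment naming the declaration scp.c needs from it (presumably scan_scaled, used in the -X hunk), so that the dependency is documented.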