author | 2014-06-24 02:21:01 +0000 | |
---|---|---|
committer | 2014-06-24 02:21:01 +0000 | |
commit | 1490b445df1278b9aedfefb6f3a9a42fed9f60cd (patch) | |
tree | a6eeadd611742814ac95c2d662370b4999659b18 | |
parent | don't fatal() when hostname canonicalisation fails with a (diff) | |
when copying local->remote fails during read, don't send uninitialised
heap to the remote end. Reported by Jann Horn
-rw-r--r-- | usr.bin/ssh/scp.c | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/usr.bin/ssh/scp.c b/usr.bin/ssh/scp.c
index e1a6ba94d27..52b0a20c5e9 100644
--- a/usr.bin/ssh/scp.c
+++ b/usr.bin/ssh/scp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: scp.c,v 1.179 2013/11/20 20:53:10 deraadt Exp $ */
+/* $OpenBSD: scp.c,v 1.180 2014/06/24 02:21:01 djm Exp $ */
 /*
 * scp - secure remote copy. This is basically patched BSD rcp which
 * uses ssh to do the data transfer (instead of using rcmd).
@@ -726,7 +726,7 @@ source(int argc, char **argv)
 static BUF buffer;
 BUF *bp;
 off_t i, statbytes;
- size_t amt;
+ size_t amt, nr;
 int fd = -1, haderr, indx;
 char *last, *name, buf[2048], encname[MAXPATHLEN];
 int len;
@@ -799,12 +799,16 @@ next: if (fd != -1) {
 if (i + (off_t)amt > stb.st_size)
 amt = stb.st_size - i;
 if (!haderr) {
- if (atomicio(read, fd, bp->buf, amt) != amt)
+ if ((nr = atomicio(read, fd,
+ bp->buf, amt)) != amt) {
 haderr = errno;
+ memset(bp->buf + nr, 0, amt - nr);
+ }
 }
 /* Keep writing after error to retain sync */
 if (haderr) {
 (void)atomicio(vwrite, remout, bp->buf, amt);
+ memset(bp->buf, 0, amt);
 continue;
 }
 if (atomicio6(vwrite, remout, bp->buf, amt, scpio, |
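Review bot: The two added `memset` calls in the read-error path of `source()` carry the whole fix but have no comment, so a later cleanup could drop them as redundant. I would add `/* zero what read() did not fill so stale heap is never sent as padding */` above the first and `/* later padding blocks skip the read; keep the buffer zeroed */` above the second. The branch also depends on `errno` being non-zero whenever `atomicio` returns short. `atomicio` is not visible here, so it is worth confirming that a short read at EOF cannot leave `haderr` at 0, which would send the zero-filled block as ordinary file data with no error recorded. The body of `source()` starts and ends outside this hunk.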