This is an automated email from the git hooks/post-receive script.
djm pushed a commit to branch master
in repository openssh.
commit 066437187e16dcafcbc19f9402ef0e6575899b1d
Author: millert@openbsd.org <millert@openbsd.org>
Date: Fri Apr 28 03:21:12 2017 +0000
upstream commit
Avoid relying on implementation-specific behavior when
detecting whether the timestamp or file size overflowed. If time_t and off_t
are not either 32-bit or 64-bit scp will exit with an error. OK djm@
Upstream-ID: f31caae73ddab6df496b7bbbf7da431e267ad135
---
scp.c | 19 +++++++++++++------
1 file changed, 13 insertions(+), 6 deletions(-)
diff --git a/scp.c b/scp.c
index 45541af0..3de743e3 100644
--- a/scp.c
+++ b/scp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: scp.c,v 1.188 2017/04/27 11:53:12 millert Exp $ */
+/* $OpenBSD: scp.c,v 1.189 2017/04/28 03:21:12 millert Exp $ */
/*
* scp - secure remote copy. This is basically patched BSD rcp which
* uses ssh to do the data transfer (instead of using rcmd).
@@ -99,6 +99,7 @@
#include <pwd.h>
#include <signal.h>
#include <stdarg.h>
+#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@@ -915,6 +916,11 @@ rsource(char *name, struct stat *statp)
(void) response();
}
+#define TYPE_OVERFLOW(type, val) \
+ ((sizeof(type) == 4 && (val) > INT32_MAX) || \
+ (sizeof(type) == 8 && (val) > INT64_MAX) || \
+ (sizeof(type) != 4 && sizeof(type) != 8))
+
void
sink(int argc, char **argv)
{
@@ -938,6 +944,9 @@ sink(int argc, char **argv)
#define mtime tv[1]
#define SCREWUP(str) { why = str; goto screwup; }
+ if (TYPE_OVERFLOW(time_t, 0) || TYPE_OVERFLOW(off_t, 0))
+ SCREWUP("Unexpected off_t/time_t size");
+
setimes = targisdir = 0;
mask = umask(0);
if (!pflag)
@@ -996,8 +1005,7 @@ sink(int argc, char **argv)
ull = strtoull(cp, &cp, 10);
if (!cp || *cp++ != ' ')
SCREWUP("mtime.sec not delimited");
- if ((time_t)ull < 0 ||
- (unsigned long long)(time_t)ull != ull)
+ if (TYPE_OVERFLOW(time_t, ull))
setimes = 0; /* out of range */
mtime.tv_sec = ull;
mtime.tv_usec = strtol(cp, &cp, 10);
@@ -1009,8 +1017,7 @@ sink(int argc, char **argv)
ull = strtoull(cp, &cp, 10);
if (!cp || *cp++ != ' ')
SCREWUP("atime.sec not delimited");
- if ((time_t)ull < 0 ||
- (unsigned long long)(time_t)ull != ull)
+ if (TYPE_OVERFLOW(time_t, ull))
setimes = 0; /* out of range */
atime.tv_sec = ull;
atime.tv_usec = strtol(cp, &cp, 10);
@@ -1048,7 +1055,7 @@ sink(int argc, char **argv)
ull = strtoull(cp, &cp, 10);
if (!cp || *cp++ != ' ')
SCREWUP("size not delimited");
- if ((off_t)ull < 0 || (unsigned long long)(off_t)ull != ull)
+ if (TYPE_OVERFLOW(off_t, ull))
SCREWUP("size out of range");
size = (off_t)ull;
--
To stop receiving notification emails like this one, please contact
djm@mindrot.org.
_______________________________________________
openssh-commits mailing list
openssh-commits@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-commits
djm pushed a commit to branch master
in repository openssh.
commit 066437187e16dcafcbc19f9402ef0e6575899b1d
Author: millert@openbsd.org <millert@openbsd.org>
Date: Fri Apr 28 03:21:12 2017 +0000
upstream commit
Avoid relying on implementation-specific behavior when
detecting whether the timestamp or file size overflowed. If time_t and off_t
are not either 32-bit or 64-bit scp will exit with an error. OK djm@
Upstream-ID: f31caae73ddab6df496b7bbbf7da431e267ad135
---
scp.c | 19 +++++++++++++------
1 file changed, 13 insertions(+), 6 deletions(-)
diff --git a/scp.c b/scp.c
index 45541af0..3de743e3 100644
--- a/scp.c
+++ b/scp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: scp.c,v 1.188 2017/04/27 11:53:12 millert Exp $ */
+/* $OpenBSD: scp.c,v 1.189 2017/04/28 03:21:12 millert Exp $ */
/*
* scp - secure remote copy. This is basically patched BSD rcp which
* uses ssh to do the data transfer (instead of using rcmd).
@@ -99,6 +99,7 @@
#include <pwd.h>
#include <signal.h>
#include <stdarg.h>
+#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@@ -915,6 +916,11 @@ rsource(char *name, struct stat *statp)
(void) response();
}
+#define TYPE_OVERFLOW(type, val) \
+ ((sizeof(type) == 4 && (val) > INT32_MAX) || \
+ (sizeof(type) == 8 && (val) > INT64_MAX) || \
+ (sizeof(type) != 4 && sizeof(type) != 8))
+
void
sink(int argc, char **argv)
{
@@ -938,6 +944,9 @@ sink(int argc, char **argv)
#define mtime tv[1]
#define SCREWUP(str) { why = str; goto screwup; }
+ if (TYPE_OVERFLOW(time_t, 0) || TYPE_OVERFLOW(off_t, 0))
+ SCREWUP("Unexpected off_t/time_t size");
+
setimes = targisdir = 0;
mask = umask(0);
if (!pflag)
@@ -996,8 +1005,7 @@ sink(int argc, char **argv)
ull = strtoull(cp, &cp, 10);
if (!cp || *cp++ != ' ')
SCREWUP("mtime.sec not delimited");
- if ((time_t)ull < 0 ||
- (unsigned long long)(time_t)ull != ull)
+ if (TYPE_OVERFLOW(time_t, ull))
setimes = 0; /* out of range */
mtime.tv_sec = ull;
mtime.tv_usec = strtol(cp, &cp, 10);
@@ -1009,8 +1017,7 @@ sink(int argc, char **argv)
ull = strtoull(cp, &cp, 10);
if (!cp || *cp++ != ' ')
SCREWUP("atime.sec not delimited");
- if ((time_t)ull < 0 ||
- (unsigned long long)(time_t)ull != ull)
+ if (TYPE_OVERFLOW(time_t, ull))
setimes = 0; /* out of range */
atime.tv_sec = ull;
atime.tv_usec = strtol(cp, &cp, 10);
@@ -1048,7 +1055,7 @@ sink(int argc, char **argv)
ull = strtoull(cp, &cp, 10);
if (!cp || *cp++ != ' ')
SCREWUP("size not delimited");
- if ((off_t)ull < 0 || (unsigned long long)(off_t)ull != ull)
+ if (TYPE_OVERFLOW(off_t, ull))
SCREWUP("size out of range");
size = (off_t)ull;
--
To stop receiving notification emails like this one, please contact
djm@mindrot.org.
_______________________________________________
openssh-commits mailing list
openssh-commits@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-commits