1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
|
From 819ef4f2037490b6aa2e870aea851b6364184090 Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Mon, 11 Sep 2017 21:13:45 +0200
Subject: [PATCH] scp: do not NUL-terminate the command for remote exec (#208)
It breaks SCP download/upload from/to certain server implementations.
The bug does not manifest with OpenSSH, which silently drops the NUL
byte (eventually with any garbage that follows the NUL byte) before
executing it.
Bug: https://bugzilla.redhat.com/1489736
---
src/scp.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/scp.c b/src/scp.c
index 22778dd..d1665a6 100644
--- a/src/scp.c
+++ b/src/scp.c
@@ -303,8 +303,8 @@ scp_recv(LIBSSH2_SESSION * session, const char *path, libssh2_struct_stat * sb)
&session->scpRecv_command[cmd_len],
session->scpRecv_command_len - cmd_len);
- session->scpRecv_command[cmd_len] = '\0';
- session->scpRecv_command_len = cmd_len + 1;
+ /* the command to exec should _not_ be NUL-terminated */
+ session->scpRecv_command_len = cmd_len;
_libssh2_debug(session, LIBSSH2_TRACE_SCP,
"Opening channel for SCP receive");
@@ -845,8 +845,8 @@ scp_send(LIBSSH2_SESSION * session, const char *path, int mode,
&session->scpSend_command[cmd_len],
session->scpSend_command_len - cmd_len);
- session->scpSend_command[cmd_len] = '\0';
- session->scpSend_command_len = cmd_len + 1;
+ /* the command to exec should _not_ be NUL-terminated */
+ session->scpSend_command_len = cmd_len;
_libssh2_debug(session, LIBSSH2_TRACE_SCP,
"Opening channel for SCP send");
--
2.9.5
|