HomeFreeBSD
Diffusion FreeBSD src repository 69c72a57af84

sftp: avoid leaking path arg in calls to make_absolute_pwd_glob
69c72a57af84
Actions

Description

sftp: avoid leaking path arg in calls to make_absolute_pwd_glob

As Coverity reports:

Overwriting tmp in tmp = make_absolute_pwd_glob(tmp, remote_path)
leaks the storage that tmp points to.

Consume the first arg in make_absolute_pwd_glob, and add xstrdup() to
the one case which did not assign to the same variable that was passed
in. With this change make_absolute() and make_absolute_pwd_glob() have
the same semantics with respect to freeing the input string.

This change was reported to OpenSSH in
https://lists.mindrot.org/pipermail/openssh-unix-dev/2022-November/040497.html
but was not acted on. It appears that OpenBSD subsequently received a
Coverity report for the same issue (their Coverity ID 405196) but fixed
only the specific instance reported by Coverity.

This change reverts OpenBSD's sftp.c 1.228 / OpenSSH-portable
commit 36c6c3eff5e4.

Reported by: Coverity Scan
CID: 1500409
Reviewed by: markj
MFC after: 1 month
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D37253

Details

Provenance
emasteAuthored on Nov 3 2022, 5:17 PM
Reviewer
markj
Differential Revision
D37253: sftp: avoid leaking path arg in calls to make_absolute_pwd_glob
Parents
rGef0ac973dbc8: bhyve: Sleep briefly in the VMEXIT_DEBUG handler
Branches
Unknown
Tags
Unknown

Changes (1)

PathSize
crypto/
openssh/

rG69c72a57af84

View Options

crypto/openssh/sftp.c

Loading...