Bug 901489 - net-misc/openssh-9.2_p1-r2: buffer overflow in scp progress meter
Summary: net-misc/openssh-9.2_p1-r2: buffer overflow in scp progress meter
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo's Team for Core System packages
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2023-03-16 17:04 UTC by Sergey 'L29Ah' Alirzaev
Modified: 2023-03-17 22:26 UTC (History)

See Also:
Package list:
Runtime testing required: ---


Attachments
emerge --info (emerge.info,19.50 KB, text/plain)
2023-03-16 17:04 UTC, Sergey 'L29Ah' Alirzaev

Description Sergey 'L29Ah' Alirzaev 2023-03-16 17:04:26 UTC
Created attachment 858013 [details]
emerge --info

When I do

scp ИГРОФИЛЬМ\ |\ ATOMIC\ HEART\ ➤\ Полное\ Прохождение\ Без\ Комментариев\ \[4K\]\ ➤\ ФИЛЬМ\ Атомик\ Харт\ На\ Русском\ \[vh0WcmRbh_g\].webm whaf:/media/data/Films/

in a small window, it crashes:

*** buffer overflow detected ***: terminated
zsh: IOT instruction (core dumped)

Works fine when the terminal window is big enough to fit everything in one line. Maybe scp breaks some Unicode character in the middle, dunno.

(gdb) bt
#0  0x00007fef4a6c7c4c in __pthread_kill_implementation () from /lib64/libc.so.6
#1  0x00007fef4a6790c6 in raise () from /lib64/libc.so.6
#2  0x00007fef4a66287c in abort () from /lib64/libc.so.6
#3  0x00007fef4a66377f in __libc_message.cold () from /lib64/libc.so.6
#4  0x00007fef4a75706b in __fortify_fail () from /lib64/libc.so.6
#5  0x00007fef4a755856 in __chk_fail () from /lib64/libc.so.6
#6  0x00007fef4a75541d in __snprintf_chk () from /lib64/libc.so.6
#7  0x000055e526dbb935 in refresh_progress_meter ()
#8  0x000055e526dbbf64 in start_progress_meter ()
#9  0x000055e526dc3c21 in do_upload ()
#10 0x000055e526dba38e in source_sftp ()
#11 0x000055e526dbb407 in toremote ()
#12 0x000055e526db592a in main ()
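Added example, constructed for this report: it is not OpenSSH's progressmeter.c and does not claim to reproduce the exact 9.2 defect. It models the two checks a fortified-snprintf abort like the one in this backtrace calls for: the line width taken from the terminal is clamped to the real buffer size (a size argument larger than the object is exactly what __snprintf_chk aborts on), and the filename is cut on a UTF-8 character boundary rather than mid-sequence. `render_meter`, `utf8_prefix_len`, `meter_line` and the 16-byte buffer are assumed names and sizes.

```c
#include <stdio.h>
#include <string.h>

/* Return how many leading bytes of `s` fit in `max_bytes` without cutting a
 * UTF-8 sequence in half (continuation bytes look like 10xxxxxx). */
static size_t utf8_prefix_len(const char *s, size_t max_bytes)
{
    size_t len = strlen(s), n;
    if (len <= max_bytes)
        return len;
    for (n = max_bytes; n > 0 && ((unsigned char)s[n] & 0xC0) == 0x80; n--)
        ;
    return n;
}

/* Render "<name> <pct>%" for a terminal `columns` wide into buf[bufsz].
 * Returns bytes written, or -1 if not even the " NNN%" tail fits.
 * The width is derived from the terminal but clamped to the real buffer,
 * so a fortified snprintf is never told the buffer is bigger than it is
 * (that mismatch is what __snprintf_chk aborts on). */
static int render_meter(char *buf, size_t bufsz, const char *name, int pct, int columns)
{
    const size_t tail = sizeof(" 100%") - 1;   /* " NNN%" is 5 columns */
    size_t want, name_bytes;
    int n;

    if (bufsz == 0)
        return -1;
    want = columns > 0 ? (size_t)columns : 0;
    if (want > bufsz - 1)
        want = bufsz - 1;                       /* leave room for the NUL */
    if (want <= tail)
        return -1;
    /* Truncate the name on a character boundary, never mid-sequence.
     * Note: a byte count is not a display width; wide (e.g. CJK) glyphs
     * would need wcwidth(3) to keep the line inside `columns`. */
    name_bytes = utf8_prefix_len(name, want - tail);
    n = snprintf(buf, bufsz, "%.*s %3d%%", (int)name_bytes, name, pct);
    return n < 0 ? -1 : n;
}

/* Wrapper that renders into a static 16-byte line (constructed size)
 * and returns it, or NULL when nothing fits. */
static const char *meter_line(const char *name, int pct, int columns)
{
    static char buf[16];
    return render_meter(buf, sizeof buf, name, pct, columns) < 0 ? NULL : buf;
}
```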
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-03-16 17:09:17 UTC
Thanks. Let's call this a security bug for a moment.

Could you enable installsources on openssh too? Also, fancy reporting upstream by emailing openssh@openssh.com and CCing sam@gentoo.org and security@gentoo.org? I'll try to reproduce later too.
Comment 2 Sergey 'L29Ah' Alirzaev 2023-03-16 21:20:52 UTC
https://bugzilla.mindrot.org/show_bug.cgi?id=3534 suggests this is in fact fixed in the latest openssh release: https://www.openssh.com/releasenotes.html
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-03-16 22:07:38 UTC
(upstream didn't treat that bug as a sec. issue, so I don't suspect this one is.)

Thanks!
Comment 4 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-03-17 22:26:19 UTC
9.3 is in tree & kw'd now. Thanks!