[illumos-Developer] Webrev for bug 1102: Resource exhaustion in sftp client
Gary Mills
mills at cc.umanitoba.ca
Fri Jun 10 08:05:25 PDT 2011
This is for illumos bug 1102: Resource exhaustion in sftp client.
It's essentially the netbsd patches applied to the private glob
library used by sftp. This is not a security vulnerability as it's on
the client side only. Nevertheless, the BSD variants have been
patched to prevent resource exhaustion. My webrev is at:
http://cr.illumos.org/view/qle4ugwg/illumos1102/
The original glob.c contained 85 cstyle violations. I didn't fix
these or add any more.
Here's a test of the original sftp client, illustrating commands that
continue to run:
$ sftp localhost
Connecting to localhost...
Password:
sftp> lcd /tmp
sftp> get /etc/passwd foo
Fetching /etc/passwd to foo
/etc/passwd 100% 1192 1.2KB/s 00:00
sftp> lmkdir bar
sftp> get */../*/../*/../*/../*/../*/../* bar
/* Never completes */
Interrupt
sftp> get */../*/../*/../*/../*/../*/../*cx bar
/* Never completes */
Interrupt
File "/home/mills/*/../*/../*/../*/../*/../*/../*cx" not found.
sftp> exit
With the fix, they complete quickly:
$ ./sftp localhost
Connecting to localhost...
Password:
sftp> lcd /tmp
sftp> get */../*/../*/../*/../*/../*/../*cx bar
File "/home/mills/*/../*/../*/../*/../*/../*/../*cx" not found.
sftp> get */../*/../*/../*/../*/../*/../* bar
File "/home/mills/*/../*/../*/../*/../*/../*/../*" not found.
sftp> quit
$ lsf /tmp/bar
--
-Gary Mills- -Unix Group- -Computer and Network Services-
More information about the Developer
mailing list