[illumos-Developer] Webrev for bug 1102: Resource exhaustion in sftp client
Gary Mills
mills at cc.umanitoba.ca
Thu Jun 23 12:42:55 PDT 2011
On Thu, Jun 23, 2011 at 12:46:10PM -0500, Gary Mills wrote:
> On Tue, Jun 14, 2011 at 10:27:40AM -0400, Gordon Ross wrote:
> > On Tue, Jun 14, 2011 at 8:25 AM, Gary Mills <mills at cc.umanitoba.ca> wrote:
> > > On Fri, Jun 10, 2011 at 10:05:25AM -0500, Gary Mills wrote:
> > >> This is for illumos bug 1102: Resource exhaustion in sftp client.
> > >> It's essentially the netbsd patches applied to the private glob
> > >> library used by sftp. This is not a security vulnerability as it's on
> > >> the client side only. Nevertheless, the BSD variants have been
> > >> patched to prevent resource exhaustion.
[...]
> I'll see if I can submit the patches upstream.
According to the changelog for portable openssh, they're already
there:
  20110112
   - OpenBSD CVS Sync
     - nicm at cvs.openbsd.org 2010/10/08 21:48:42
       [openbsd-compat/glob.c]
       Extend GLOB_LIMIT to cover readdir and stat and bump the malloc limit
       from ARG_MAX to 64K.
       Fixes glob-using programs (notably ftp) able to be triggered to hit
       resource limits.
       Idea from a similar NetBSD change, original problem reported by jasper at .
       ok millert tedu jasper
So, once the ssh product is updated from upstream, their resource
limit fixes will be present.
--
-Gary Mills- -Unix Group- -Computer and Network Services-
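
The idea in the quoted changelog entry (charging readdir, stat and stored names against limits while expanding a pattern), shown as an added example; it is not code from this message, from OpenSSH or from illumos. `bounded_match`, `struct glob_budget`, the `MATCH_*` codes and every budget number except the 64K allocation figure are assumptions made for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <dirent.h>
#include <fnmatch.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>

/* Hypothetical per-call budgets; names and values are this example's own. */
struct glob_budget {
    size_t readdir_left; /* directory entries that may still be read */
    size_t stat_left;    /* stat() calls that may still be made */
    size_t bytes_left;   /* bytes of matched path names that may be kept */
};
enum { MATCH_NOSPACE = -1, MATCH_ERROR = -2 };

/* Count regular files in dir whose names match pattern. Returns the count,
 * MATCH_NOSPACE when a budget runs out, MATCH_ERROR if dir cannot be opened. */
long bounded_match(const char *dir, const char *pattern, struct glob_budget *b)
{
    DIR *d = opendir(dir);
    struct dirent *e;
    long n = 0;
    if (d == NULL) return MATCH_ERROR;
    while ((e = readdir(d)) != NULL) {
        char path[4096];
        struct stat st;
        int len;
        if (b->readdir_left == 0) { n = MATCH_NOSPACE; break; }
        b->readdir_left--;               /* every entry read is charged */
        if (fnmatch(pattern, e->d_name, FNM_PERIOD) != 0) continue;
        len = snprintf(path, sizeof(path), "%s/%s", dir, e->d_name);
        if (len < 0 || (size_t)len >= sizeof(path)) continue;
        if (b->stat_left == 0) { n = MATCH_NOSPACE; break; }
        b->stat_left--;                  /* stat only for names that match */
        if (stat(path, &st) != 0 || !S_ISREG(st.st_mode)) continue;
        if ((size_t)len + 1 > b->bytes_left) { n = MATCH_NOSPACE; break; }
        b->bytes_left -= (size_t)len + 1; /* charge the name we would keep */
        n++;
    }
    closedir(d);
    return n;
}

int main(int argc, char **argv)
{
    struct glob_budget b = { 1024, 64, 65536 };  /* constructed; 64K as in the entry */
    printf("%ld\n", bounded_match(".", argc > 1 ? argv[1] : "*", &b));
    return 0;
}
```

Quote the pattern when running it by hand so the shell does not expand it before the program sees it.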