Bug 3206

Summary:

sftp client(32bit) chown command does not support uid >LONG_MAX

Product:

Portable OpenSSH

Reporter:

Chloe <booking00>

Component:

sftp

Assignee:

Assigned to nobody <unassigned-bugs>

Status:

CLOSED FIXED

Severity:

normal

CC:

dtucker

Priority:

Version:

6.9p1

Hardware:

68k

OS:

All

Bug Depends on:

Bug Blocks:

3217

Attachments:

Description	Flags
Use long long for chown uid	none

Description Chloe 2020-08-30 22:33:02 AEST

Server could accept uid < ULONG_MAX. But client can only accept uid<LONG_MAX. There is a gap between client and server. Variable l is defiled as signed long. Is it possible to extend?

sftp> chown 2147483648 execute.sh
You must supply a numeric argument to the chown command.


	case I_CHOWN:
	case I_CHGRP:
		if ((optidx = parse_ch_flags(cmd, argv, argc, hflag)) == -1)
			return -1;
		/* Get numeric arg (mandatory) */
		if (argc - optidx < 1)
			goto need_num_arg;
		errno = 0;
		l = strtol(argv[optidx], &cp2, base);
		if (cp2 == argv[optidx] || *cp2 != '\0' ||
		    ((l == LONG_MIN || l == LONG_MAX) && errno == ERANGE) ||
		    l < 0) {
 need_num_arg:
			error("You must supply a numeric argument "
			    "to the %s command.", cmd);
			return -1;
		}

Comment 1 Darren Tucker 2020-10-02 15:16:28 AEST

Created attachment 3447 [details]
Use long long for chown uid

This seems to fix it.  On an i386 before:

sftp> chown 2147483648 /tmp/t
You must supply a numeric argument to the chown command.

and after:

sftp> chown 2147483648 /tmp/t
Changing owner on /tmp/t
sftp> exit

Comment 2 Darren Tucker 2020-10-04 14:04:32 AEDT

Patch applied and will be in the next major release.  Thanks for the report.

Comment 3 Damien Miller 2021-03-04 09:54:00 AEDT

close bugs that were resolved in OpenSSH 8.5 release cycle