Bug 64

Summary: scp over a file produces I/O error anf give password file contents
Product: Portable OpenSSH Reporter: Brad Powell <brad>
Component: scpAssignee: OpenSSH Bugzilla mailing list <openssh-bugs>
Status: CLOSED FIXED    
Severity: minor    
Priority: P2    
Version: -current   
Hardware: Other   
OS: All   

Description Brad Powell 2002-01-04 05:15:27 AEDT 
Minor annoyance really, and the user gets what they deserve (sort of) for being
silly, but it still seems worth reporting.

Recreate by creating a file "foo" with some content. Don't use a file you want
to keep ;^).

then try:  "scp foo localhost:/path-to-file/foo".  Where "localhost" is the 
name of your host, and "path-to-file" is the absolute pathname to the file
you are copying.

scp bombs with 
foo:  I/O error
and the contents of "foo" becomes a copy of the /etc/passwd file. Seems like scp
is dumping its buffer which includes the password file contents. This was
reported to me by some user who has a bunch of hostnames that are similar in
name, thus the user mistake.

Seemed worth reporting. Probably not a security problem as-is, but might be.
Comment 1 Markus Friedl 2002-01-05 21:48:30 AEDT 
fixed:

revision 1.81
date: 2001/08/29 20:44:03;  author: markus;  state: Exp;  lines: +2 -1
clear the malloc'd buffer, otherwise source() will leak malloc'd memory; ok
theo@
Comment 2 Damien Miller 2004-04-14 12:24:17 AEST 
Mass change of RESOLVED bugs to CLOSED