Bug 2753 - Access violation of an array in sftp
Status: CLOSED INVALID
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: sftp
Version: 7.5p1
Hardware: amd64 All
Importance: P5 normal
Assignee: Assigned to nobody
Reported: 2017-08-05 07:26 AEST by bingbing8
Modified: 2018-04-06 12:26 AEST

Description bingbing8 2017-08-05 07:26:54 AEST
We found this issue when enabling Application Verifier on Windows, but we believe this repros on other OSes too.
When the command is: sftp myaccount@127.0.0.1, optind+1 is 2, which is not outside the valid index of argv.

2521			file2 = argv[optind+1];


Suggested fixes:
		if(argc > optind + 1)
2521			file2 = argv[optind+1];
Comment 1 Damien Miller 2017-08-11 13:58:30 AEST
I think the application verifier is incorrect here.

In this case, optind == argc-1, so file2 will be set to argv[argc]. argv[argc] is defined to be NULL by section 5.1.2.2.1 of the C standard:

"argv[argc] shall be a null pointer."

http://iso-9899.info/n1570.html#5.1.2.2.1p2
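
The boundary that Comment 1 relies on, as an added example that is not part of the original thread and is not OpenSSH code: argv[argc] is a defined read that yields NULL, while any index above argc is out of bounds. The names `classify_slot` and `second_operand` are hypothetical, and the argv arrays are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum slot { SLOT_OPERAND, SLOT_NULL_TERMINATOR, SLOT_OUT_OF_BOUNDS };

/* argv has argc + 1 valid elements: argv[0..argc-1] are the arguments and
 * argv[argc] is the null pointer guaranteed by C11 5.1.2.2.1p2.
 * Reading any index above argc is undefined behaviour. */
static enum slot classify_slot(int argc, int idx)
{
    if (idx < 0 || idx > argc)
        return SLOT_OUT_OF_BOUNDS;
    return idx == argc ? SLOT_NULL_TERMINATOR : SLOT_OPERAND;
}

/* Hypothetical helper mirroring `file2 = argv[optind+1]`: returns the second
 * operand, or NULL when there is none. It never reads past argv[argc]. */
static const char *second_operand(int argc, char **argv, int first_idx)
{
    if (classify_slot(argc, first_idx + 1) == SLOT_OUT_OF_BOUNDS)
        return NULL;
    return argv[first_idx + 1];
}

int main(void)
{
    /* Constructed argv for `sftp myaccount@127.0.0.1`: argc == 2 and the
     * first operand sits at index 1 (the value of optind with no options). */
    char *one[] = { "sftp", "myaccount@127.0.0.1", NULL };
    /* Constructed argv with a second operand. */
    char *two[] = { "sftp", "myaccount@127.0.0.1", "notes.txt", NULL };

    /* Index 2 == argc: the read lands on the NULL terminator. */
    const char *f = second_operand(2, one, 1);
    printf("one operand:  slot=%d file2=%s\n",
           classify_slot(2, 2), f ? f : "(null)");

    f = second_operand(3, two, 1);
    printf("two operands: slot=%d file2=%s\n",
           classify_slot(3, 2), f ? f : "(null)");

    /* No operand at all (first_idx == argc): index argc + 1 is past the
     * terminator, so this is the case that needs a check before the read. */
    printf("no operand:   slot=%d\n", classify_slot(2, 3));
    return 0;
}
```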
Comment 2 Damien Miller 2018-04-06 12:26:50 AEST
Close all resolved bugs after release of OpenSSH 7.7.