64 – scp over a file produces I/O error anf give password file contents

Bug 64 - scp over a file produces I/O error anf give password file contents

Summary: scp over a file produces I/O error anf give password file contents

Status:	CLOSED FIXED

Alias:	None

Product:	Portable OpenSSH
Classification:	Unclassified
Component:	scp (show other bugs)
Version:	-current
Hardware:	Other All

Importance:	P2 minor
Assignee:	OpenSSH Bugzilla mailing list

URL:
Keywords:

Depends on:
Blocks:

Reported:	2002-01-04 05:15 AEDT by Brad Powell
Modified:	2004-04-14 12:24 AEST (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Brad Powell 2002-01-04 05:15:27 AEDT

Minor annoyance really, and the user gets what they deserve (sort of) for being
silly, but it still seems worth reporting.

Recreate by creating a file "foo" with some content. Don't use a file you want
to keep ;^).

then try:  "scp foo localhost:/path-to-file/foo".  Where "localhost" is the 
name of your host, and "path-to-file" is the absolute pathname to the file
you are copying.

scp bombs with 
foo:  I/O error
and the contents of "foo" becomes a copy of the /etc/passwd file. Seems like scp
is dumping its buffer which includes the password file contents. This was
reported to me by some user who has a bunch of hostnames that are similar in
name, thus the user mistake.

Seemed worth reporting. Probably not a security problem as-is, but might be.

Comment 1 Markus Friedl 2002-01-05 21:48:30 AEDT

fixed:

revision 1.81
date: 2001/08/29 20:44:03;  author: markus;  state: Exp;  lines: +2 -1
clear the malloc'd buffer, otherwise source() will leak malloc'd memory; ok
theo@

Comment 2 Damien Miller 2004-04-14 12:24:17 AEST

Mass change of RESOLVED bugs to CLOSED