@vszakats vszakats commented Sep 18, 2025

  • null-terminate the result to match the other getter
    libssh2_sftp_symlink_ex() call.

  • check negative result and bail out early.

Reported-by: Joshua Rogers

bagder commented Sep 18, 2025

libssh2_sftp_symlink_ex() is also called in ssh_state_sftp_readdir_link which also needs a poke.

@vszakats vszakats marked this pull request as draft September 18, 2025 13:17
@vszakats
Member Author

> libssh2_sftp_symlink_ex() is also called in ssh_state_sftp_readdir_link which also needs a poke.

Yes, that's where I patched, or wasn't I?

Unless I'm missing something, the null-termination seems to be fixed since libssh2
0.13, and curl requires 1.2.8?:
libssh2/libssh2@efc3841

A negative check looks necessary though to avoid continuing with an uninitialized
buffer (or other error cases besides LIBSSH2_ERROR_EAGAIN):
https://github.com/libssh2/libssh2/blob/3389a125f3f27db98b94ef9d014b86d6da06d9ed/src/sftp.c#L3930
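
The return-code handling discussed in this thread, as an added example that is not code from curl or libssh2. `stub_readlink`, `resolve_link` and the `STUB_ERROR_*` values are hypothetical stand-ins for a getter that returns a length on success and a negative code on failure.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for LIBSSH2_ERROR_EAGAIN and one other failure code */
#define STUB_ERROR_EAGAIN (-37)
#define STUB_ERROR_OTHER  (-31)

enum link_result { LINK_OK, LINK_RETRY, LINK_FAILED };

/* Hypothetical getter with the convention discussed above: returns the number
   of bytes stored in target (no terminator added), or a negative error code,
   in which case target is not written at all. */
static int stub_readlink(int simulate, char *target, unsigned int target_len)
{
  static const char dest[] = "/srv/data/real-file"; /* constructed sample */
  size_t n = sizeof(dest) - 1;
  if(simulate < 0)
    return simulate;
  if(n > target_len)
    n = target_len;
  memcpy(target, dest, n);
  return (int)n;
}

/* Classify the return code before the buffer is ever read. */
static enum link_result resolve_link(int simulate, char *out, size_t outsize)
{
  int rc;
  if(outsize < 1)
    return LINK_FAILED;
  rc = stub_readlink(simulate, out, (unsigned int)(outsize - 1));
  if(rc == STUB_ERROR_EAGAIN)
    return LINK_RETRY;  /* would block: caller retries the same state */
  if(rc < 0)
    return LINK_FAILED; /* bail out early, 'out' holds no valid data */
  out[rc] = '\0';       /* rc <= outsize - 1, so the write is in bounds */
  return LINK_OK;
}

int main(void)
{
  char buf[64];
  int cases[] = { 0, STUB_ERROR_EAGAIN, STUB_ERROR_OTHER };
  size_t i;
  for(i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
    enum link_result r = resolve_link(cases[i], buf, sizeof(buf));
    printf("rc case %d -> %s\n", cases[i],
           r == LINK_OK ? buf : r == LINK_RETRY ? "retry" : "failed");
  }
  return 0;
}
```
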

@vszakats vszakats changed the title libssh2: null-terminate string returned by libssh2_sftp_symlink_ex() libssh2: error check and null-terminate in ssh_state_sftp_readdir_link() Sep 18, 2025
@vszakats vszakats changed the title libssh2: error check and null-terminate in ssh_state_sftp_readdir_link() libssh2: error check and null-terminate in ssh_state_sftp_readdir_link() Sep 18, 2025
@vszakats vszakats marked this pull request as ready for review September 18, 2025 16:39
@vszakats vszakats closed this in 9f18cb6 Sep 18, 2025
@vszakats vszakats deleted the libssh2strterm branch September 18, 2025 20:01
vszakats added a commit to vszakats/curl that referenced this pull request Sep 18, 2025
One of these was added in the initial SFTP commit in 2006:
a634f64

At that time this was a reasonable concern because libssh2 started
null-terminating this string just one year prior:
libssh2/libssh2@efc3841

This fix was released in libssh2 v0.13.

curl requires libssh v1.2.8, making this workaround no longer necessary.

Follow-up to 9f18cb6 curl#18598
vszakats added a commit that referenced this pull request Sep 19, 2025
The null-termination was first added in the initial SFTP commit in 2006:
a634f64

At that time this was a reasonable concern because libssh2 started
null-terminating this string just one year prior, in 2005:
libssh2/libssh2@efc3841

This fix was released in libssh2 v0.13 (2006-03-02).

curl requires libssh2 v1.2.8, making this workaround no longer necessary.

Follow-up to 9f18cb6 #18598

Closes #18606