NetBSD Problem Report #46815

From mac@SS.Culver.Net  Mon Aug 20 00:43:22 2012
Return-Path: <mac@SS.Culver.Net>
Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66])
	by www.NetBSD.org (Postfix) with ESMTP id AF1E763B882
	for <gnats-bugs@gnats.NetBSD.org>; Mon, 20 Aug 2012 00:43:21 +0000 (UTC)
Message-Id: <20120820004319.B536E23950D@SS.Culver.Net>
Date: Sun, 19 Aug 2012 17:43:19 -0700 (PDT)
From: mac@SS.Culver.Net
Reply-To: mac@SS.Culver.Net
To: gnats-bugs@gnats.NetBSD.org
Subject: scp does not validate its arguments before asking for remote password
X-Send-Pr-Version: 3.95

>Number:         46815
>Category:       bin
>Synopsis:       scp does not validate its arguments before asking for remote password
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    bin-bug-people
>State:          suspended
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Aug 20 00:45:00 +0000 2012
>Closed-Date:    
>Last-Modified:  Wed Aug 22 06:45:01 +0000 2012
>Originator:     mac@SS.Culver.Net
>Release:        NetBSD 5.1_RC3
>Organization:

>Environment:


System: NetBSD SS.Culver.Net 5.1_RC3 NetBSD 5.1_RC3 (GENERIC) #0: Sat Jun 12 20:26:01 UTC 2010 builds@b8.netbsd.org:/home/builds/ab/netbsd-5-1-RC3/amd64/201006130031Z-obj/home/builds/ab/netbsd-5-1-RC3/src/sys/arch/amd64/compile/GENERIC amd64
Architecture: x86_64
Machine: amd64
>Description:
	/usr/bin/scp does not check its arguments before connecting to the remote machine

>How-To-Repeat:

$ rm dotp.tar
$ echo > dotp.tar.gz

$ scp dotp.tar tim:/usr/mac/
Password:
dotp.tar: No such file or directory

$ scp dotp.tar.gz tim:/usr/mac/
Password:
dotp.tar.gz                                                                             100%  834KB 278.0KB/s  65.9KB/s   00:03

$ 

Note that I mis-typed the filename; but scp made me go through a useless entry of my password before it complained.

>Fix:
	check arguments before initiating network connection.

>Release-Note:

>Audit-Trail:
From: Bernd Ernesti <netbsd@lists.veego.de>
To: gnats-bugs@NetBSD.org
Cc: 
Subject: Re: bin/46815: scp does not validate its arguments before asking for
 remote password
Date: Mon, 20 Aug 2012 07:19:11 +0200

 Please open a bug at upstream: http://www.openssh.org/ so they can fix this.

 There is enough difference in our code.

 Bernd

From: Michael Cheponis <Michael@Cheponis.Com>
To: gnats-bugs@netbsd.org
Cc: 
Subject: Re: bin/46815: scp does not validate its arguments before asking for
 remote password
Date: Sun, 19 Aug 2012 22:49:00 -0700

 --14dae93408433b99c704c7ac1207
 Content-Type: text/plain; charset=ISO-8859-1

 OK.

 Thank you for the super-fast response!

 -Mike

 On Sun, Aug 19, 2012 at 10:25 PM, Bernd Ernesti <netbsd@lists.veego.de>wrote:

 > The following reply was made to PR bin/46815; it has been noted by GNATS.
 >
 > From: Bernd Ernesti <netbsd@lists.veego.de>
 > To: gnats-bugs@NetBSD.org
 > Cc:
 > Subject: Re: bin/46815: scp does not validate its arguments before asking
 > for
 >  remote password
 > Date: Mon, 20 Aug 2012 07:19:11 +0200
 >
 >  Please open a bug at upstream: http://www.openssh.org/ so they can fix
 > this.
 >
 >  There is enough difference in our code.
 >
 >  Bernd
 >
 >

 --14dae93408433b99c704c7ac1207
 Content-Type: text/html; charset=ISO-8859-1
 Content-Transfer-Encoding: quoted-printable

 OK.<div><br></div><div>Thank you for the super-fast response!</div><div><br=
 ></div><div>-Mike<br><br><div class=3D"gmail_quote">On Sun, Aug 19, 2012 at=
  10:25 PM, Bernd Ernesti <span dir=3D"ltr">&lt;<a href=3D"mailto:netbsd@lis=
 ts.veego.de" target=3D"_blank">netbsd@lists.veego.de</a>&gt;</span> wrote:<=
 br>

 <blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
 x #ccc solid;padding-left:1ex">The following reply was made to PR bin/46815=
 ; it has been noted by GNATS.<br>
 <br>
 From: Bernd Ernesti &lt;<a href=3D"mailto:netbsd@lists.veego.de">netbsd@lis=
 ts.veego.de</a>&gt;<br>
 To: gnats-bugs@NetBSD.org<br>
 Cc:<br>
 Subject: Re: bin/46815: scp does not validate its arguments before asking f=
 or<br>
 =A0remote password<br>
 Date: Mon, 20 Aug 2012 07:19:11 +0200<br>
 <br>
 =A0Please open a bug at upstream: <a href=3D"http://www.openssh.org/" targe=
 t=3D"_blank">http://www.openssh.org/</a> so they can fix this.<br>
 <br>
 =A0There is enough difference in our code.<br>
 <span class=3D"HOEnZb"><font color=3D"#888888"><br>
 =A0Bernd<br>
 <br>
 </font></span></blockquote></div><br></div>

 --14dae93408433b99c704c7ac1207--

State-Changed-From-To: open->suspended
State-Changed-By: dholland@NetBSD.org
State-Changed-When: Wed, 22 Aug 2012 04:07:23 +0000
State-Changed-Why:
Awaiting upstream action.
(I too would like this behavior improved...)


From: Matthew Mondor <mm_lists@pulsar-zone.net>
To: gnats-bugs@NetBSD.org
Cc: 
Subject: Re: bin/46815 (scp does not validate its arguments before asking
 for remote password)
Date: Wed, 22 Aug 2012 02:42:06 -0400

 If someone opened an OpenBSD PR about this, please post its number in a
 follow-up to this PR, for easy reference.

 Thanks,
 -- 
 Matt

>Unformatted:
NetBSD Home
NetBSD PR Database Search
(Contact us) $NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.