NetBSD Problem Report #46815
From mac@SS.Culver.Net Mon Aug 20 00:43:22 2012
Return-Path: <mac@SS.Culver.Net>
Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66])
by www.NetBSD.org (Postfix) with ESMTP id AF1E763B882
for <gnats-bugs@gnats.NetBSD.org>; Mon, 20 Aug 2012 00:43:21 +0000 (UTC)
Message-Id: <20120820004319.B536E23950D@SS.Culver.Net>
Date: Sun, 19 Aug 2012 17:43:19 -0700 (PDT)
From: mac@SS.Culver.Net
Reply-To: mac@SS.Culver.Net
To: gnats-bugs@gnats.NetBSD.org
Subject: scp does not validate its arguments before asking for remote password
X-Send-Pr-Version: 3.95
>Number: 46815
>Category: bin
>Synopsis: scp does not validate its arguments before asking for remote password
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: bin-bug-people
>State: suspended
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Mon Aug 20 00:45:00 +0000 2012
>Closed-Date:
>Last-Modified: Wed Aug 22 06:45:01 +0000 2012
>Originator: mac@SS.Culver.Net
>Release: NetBSD 5.1_RC3
>Organization:
>Environment:
System: NetBSD SS.Culver.Net 5.1_RC3 NetBSD 5.1_RC3 (GENERIC) #0: Sat Jun 12 20:26:01 UTC 2010 builds@b8.netbsd.org:/home/builds/ab/netbsd-5-1-RC3/amd64/201006130031Z-obj/home/builds/ab/netbsd-5-1-RC3/src/sys/arch/amd64/compile/GENERIC amd64
Architecture: x86_64
Machine: amd64
>Description:
/usr/bin/scp does not check its arguments before connecting to the remote machine
>How-To-Repeat:
$ rm dotp.tar
$ echo > dotp.tar.gz
$ scp dotp.tar tim:/usr/mac/
Password:
dotp.tar: No such file or directory
$ scp dotp.tar.gz tim:/usr/mac/
Password:
dotp.tar.gz 100% 834KB 278.0KB/s 65.9KB/s 00:03
$
Note that I mis-typed the filename; but scp made me go through a useless entry of my password before it complained.
>Fix:
check arguments before initiating network connection.
>Release-Note:
>Audit-Trail:
From: Bernd Ernesti <netbsd@lists.veego.de>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: bin/46815: scp does not validate its arguments before asking for
remote password
Date: Mon, 20 Aug 2012 07:19:11 +0200
Please open a bug at upstream: http://www.openssh.org/ so they can fix this.
There is enough difference in our code.
Bernd
From: Michael Cheponis <Michael@Cheponis.Com>
To: gnats-bugs@netbsd.org
Cc:
Subject: Re: bin/46815: scp does not validate its arguments before asking for
remote password
Date: Sun, 19 Aug 2012 22:49:00 -0700
--14dae93408433b99c704c7ac1207
Content-Type: text/plain; charset=ISO-8859-1
OK.
Thank you for the super-fast response!
-Mike
On Sun, Aug 19, 2012 at 10:25 PM, Bernd Ernesti <netbsd@lists.veego.de>wrote:
> The following reply was made to PR bin/46815; it has been noted by GNATS.
>
> From: Bernd Ernesti <netbsd@lists.veego.de>
> To: gnats-bugs@NetBSD.org
> Cc:
> Subject: Re: bin/46815: scp does not validate its arguments before asking
> for
> remote password
> Date: Mon, 20 Aug 2012 07:19:11 +0200
>
> Please open a bug at upstream: http://www.openssh.org/ so they can fix
> this.
>
> There is enough difference in our code.
>
> Bernd
>
>
--14dae93408433b99c704c7ac1207
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
OK.<div><br></div><div>Thank you for the super-fast response!</div><div><br=
></div><div>-Mike<br><br><div class=3D"gmail_quote">On Sun, Aug 19, 2012 at=
10:25 PM, Bernd Ernesti <span dir=3D"ltr"><<a href=3D"mailto:netbsd@lis=
ts.veego.de" target=3D"_blank">netbsd@lists.veego.de</a>></span> wrote:<=
br>
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex">The following reply was made to PR bin/46815=
; it has been noted by GNATS.<br>
<br>
From: Bernd Ernesti <<a href=3D"mailto:netbsd@lists.veego.de">netbsd@lis=
ts.veego.de</a>><br>
To: gnats-bugs@NetBSD.org<br>
Cc:<br>
Subject: Re: bin/46815: scp does not validate its arguments before asking f=
or<br>
=A0remote password<br>
Date: Mon, 20 Aug 2012 07:19:11 +0200<br>
<br>
=A0Please open a bug at upstream: <a href=3D"http://www.openssh.org/" targe=
t=3D"_blank">http://www.openssh.org/</a> so they can fix this.<br>
<br>
=A0There is enough difference in our code.<br>
<span class=3D"HOEnZb"><font color=3D"#888888"><br>
=A0Bernd<br>
<br>
</font></span></blockquote></div><br></div>
--14dae93408433b99c704c7ac1207--
State-Changed-From-To: open->suspended
State-Changed-By: dholland@NetBSD.org
State-Changed-When: Wed, 22 Aug 2012 04:07:23 +0000
State-Changed-Why:
Awaiting upstream action.
(I too would like this behavior improved...)
From: Matthew Mondor <mm_lists@pulsar-zone.net>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: bin/46815 (scp does not validate its arguments before asking
for remote password)
Date: Wed, 22 Aug 2012 02:42:06 -0400
If someone opened an OpenBSD PR about this, please post its number in a
follow-up to this PR, for easy reference.
Thanks,
--
Matt
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.