Debian Bug report logs -
#51955
scping localhost:<file> <file> destroys <file>
Reported by: "Dale E. Martin" <dmartin@clifton-labs.com>
Date: Sun, 5 Dec 1999 11:48:00 UTC
Severity: wishlist
Found in version 1:1.2pre13-1
Done: Matthew Vernon <matthew@sel.cam.ac.uk>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded to debian-bugs-dist@lists.debian.org, Philip Hands <phil@hands.com>:
Bug#51955; Package ssh.
(full text, mbox, link).
Acknowledgement sent to "Dale E. Martin" <dmartin@clifton-labs.com>:
New Bug report received and forwarded. Copy sent to Philip Hands <phil@hands.com>.
(full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: ssh
Version: 1:1.2pre13-1
Severity: normal
I just corrupted my .bash\* files by forgetting what window I was in for a
moment :-( The non-free ssh figures out that it's the same file and stops
you before it tries to copy anything.
Just as clarification, I was in my home dir on chinchilla, and I did this:
~> scp chinchilla:.bash\* .
It said "I/O error" and now those files are full of binary stuff.
-- System Information
Debian Release: potato
Architecture: i386
Kernel: Linux chinchilla 2.2.13 #1 SMP Tue Nov 16 21:19:34 EST 1999 i686
Versions of packages ssh depends on:
ii libc6 2.1.2-10 GNU C Library: Shared libraries an
ii libpam-modules 0.71-1 Pluggable Authentication Modules f
ii libpam0g 0.71-1 Pluggable Authentication Modules l
ii libssl09 0.9.4-3 SSL shared libraries
ii libwrap0 7.6-1.1 Wietse Venema's TCP wrappers libra
ii zlib1g [libz1] 1:1.1.3-5 compression library - runtime
-- Configuration Files:
/etc/ssh/ssh_config changed [not included]
Information forwarded to debian-bugs-dist@lists.debian.org, Philip Hands <phil@hands.com>:
Bug#51955; Package ssh.
(full text, mbox, link).
Acknowledgement sent to Christian Kurz <shorty@debian.org>:
Extra info received and forwarded to list. Copy sent to Philip Hands <phil@hands.com>.
(full text, mbox, link).
Message #10 received at 51955@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
> Package: ssh
> Version: 1:1.2pre13-1
> Severity: normal
> I just corrupted my .bash\* files by forgetting what window I was in for a
> moment :-( The non-free ssh figures out that it's the same file and stops
> you before it tries to copy anything.
> Just as clarification, I was in my home dir on chinchilla, and I did this:
> ~> scp chinchilla:.bash\* .
> It said "I/O error" and now those files are full of binary stuff.
This bug should be solved in the ssh-package that is available in
testing. Could you please verify this, so that we can close this
bugreport now?
Ciao
Christian
--
Debian Developer and Quality Assurance Team Member
1024/26CC7853 31E6 A8CA 68FC 284F 7D16 63EC A9E6 67FF 26CC 7853
[Message part 2 (application/pgp-signature, inline)]
Information forwarded to debian-bugs-dist@lists.debian.org, Matthew Vernon <matthew@debian.org>:
Bug#51955; Package ssh.
(full text, mbox, link).
Acknowledgement sent to Ian Jackson <ian@davenant.greenend.org.uk>:
Extra info received and forwarded to list. Copy sent to Matthew Vernon <matthew@debian.org>.
(full text, mbox, link).
Message #15 received at 51955@bugs.debian.org (full text, mbox, reply):
There is a remotely potential security problem here, and in any case a
clear bug, in that in some circumstances (mainly involving races) scp
can be induced to copy random junk from its innards into destination
files.
The diff below causes the files to end up with nul bytes in instead.
It does not attempt to detect the `copy file onto itself' usage error,
which will still usually result in the destruction of the file.
Ian.
--- scp.c~ Thu Aug 23 00:10:58 2001
+++ scp.c Thu Aug 23 01:10:47 2001
@@ -571,8 +571,11 @@
amt = stb.st_size - i;
if (!haderr) {
result = atomicio(read, fd, bp->buf, amt);
- if (result != amt)
+ if (result != amt) {
haderr = result >= 0 ? EIO : errno;
+ result = result >= 0 ? result : 0;
+ memset(bp->buf+result, 0, amt-result);
+ }
}
if (haderr)
(void) atomicio(write, remout, bp->buf, amt);
Changed Bug title.
Request was from Matthew Vernon <matthew@empire.ucam.org>
to control@bugs.debian.org.
(full text, mbox, link).
Severity set to `wishlist'.
Request was from Matthew Vernon <matthew@empire.ucam.org>
to control@bugs.debian.org.
(full text, mbox, link).
Information forwarded to debian-bugs-dist@lists.debian.org, Matthew Vernon <matthew@debian.org>, openssh@packages.qa.debian.org:
Bug#51955; Package ssh.
(full text, mbox, link).
Acknowledgement sent to mouring <mouring@etoh.eviladmin.org>:
Extra info received and forwarded to list. Copy sent to Matthew Vernon <matthew@debian.org>, openssh@packages.qa.debian.org.
(full text, mbox, link).
Message #24 received at 51955@bugs.debian.org (full text, mbox, reply):
This has been fixed in OpenSSH for a while now (5/19/2001). 3.0.2pX should
work fine.
Patch applied:
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/scp.c.diff?r1=1.70&r2=1.71
- Ben
Reply sent to Matthew Vernon <matthew@sel.cam.ac.uk>:
You have taken responsibility.
(full text, mbox, link).
Notification sent to "Dale E. Martin" <dmartin@clifton-labs.com>:
Bug acknowledged by developer.
(full text, mbox, link).
Message #29 received at 51955-done@bugs.debian.org (full text, mbox, reply):
Upstream inform me this bug has been fixed.
Matthew
--
Rapun.sel - outermost outpost of the Pick Empire
http://www.pick.ucam.org
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Sat Mar 25 17:56:46 2023;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.