From nobody@FreeBSD.org  Fri Jan 18 00:56:21 2002
Return-Path: <nobody@FreeBSD.org>
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id 334E137B419
	for <freebsd-gnats-submit@FreeBSD.org>; Fri, 18 Jan 2002 00:56:21 -0800 (PST)
Received: (from nobody@localhost)
	by freefall.freebsd.org (8.11.6/8.11.6) id g0I8uLX23652;
	Fri, 18 Jan 2002 00:56:21 -0800 (PST)
	(envelope-from nobody)
Message-Id: <200201180856.g0I8uLX23652@freefall.freebsd.org>
Date: Fri, 18 Jan 2002 00:56:21 -0800 (PST)
From: Eugene Podkopaev <eugene@emetex.ru>
To: freebsd-gnats-submit@FreeBSD.org
Subject: sftp core dumped
X-Send-Pr-Version: www-1.0

>Number:         34019
>Category:       misc
>Synopsis:       sftp core dumped
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    des
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Jan 18 01:00:01 PST 2002
>Closed-Date:    Tue Aug 19 03:47:30 PDT 2003
>Last-Modified:  Tue Aug 19 03:47:30 PDT 2003
>Originator:     Eugene Podkopaev
>Release:        4.5-PRERELEASE
>Organization:
JSC EMETEX
>Environment:
FreeBSD selena 4.5-PRERELEASE FreeBSD 4.5-PRERELEASE #4: Tue Jan  8 13:07:29 MSK  2002     root@selena:/usr/obj/usr/src/sys/SELENA  i386
>Description:
sftp crashes when I try to upload a nonexisting file.
>How-To-Repeat:
ssh_config:
   Host *
   Protocol 2,1

sshd_config:
   Port 22
   Protocol 2
   ListenAddress 192.168.0.1
   ListenAddress 195.2.80.100
   HostKey /etc/ssh/ssh_host_key
   HostKey /etc/ssh/ssh_host_dsa_key
   ServerKeyBits 768
   LoginGraceTime 120
   KeyRegenerationInterval 3600
   PermitRootLogin yes
   MaxStartups 10:30:60
   IgnoreRhosts yes
   RhostsRSAAuthentication
   StrictModes yes
   X11Forwarding yes
   X11DisplayOffset 10
   PrintMotd yes
   KeepAlive yes
   SyslogFacility AUTH
   LogLevel INFO
   RhostsAuthentication no
   RhostsRSAAuthentication no
   HostbasedAuthentication no
   RSAAuthentication yes
   PasswordAuthentication no
   PermitEmptyPasswords no
   CheckMail no
   Subsystem	sftp	/usr/libexec/sftp-server

How to repeat:

# sftp selena.emetex.ru
Connecting to selena.emetex.ru...
sftp> put nonexisting
Segmentation fault (core dumped)
#

>Fix:
Patch:

--- crypto/openssh/sftp-int.c.orig	Fri Jan 18 11:36:22 2002
+++ crypto/openssh/sftp-int.c	Fri Jan 18 11:49:18 2002
@@ -436,7 +436,7 @@
 
 	memset(&g, 0, sizeof(g));
 	debug3("Looking up %s", src);
-	if (glob(src, 0, NULL, &g)) {
+	if (glob(src, 0, NULL, &g) || !g.gl_pathc) {
 		error("File \"%s\" not found.", src);
 		err = -1;
 		goto out;
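
Review bot: the new `!g.gl_pathc` test on the `glob(src, 0, NULL, &g)` line guards only this local lookup, so any other lookup in sftp-int.c that treats a zero return as "at least one match" stays unguarded; the patch later in this PR's audit trail applies the same kind of check to the `remote_glob()` call in the hunk at line 357. Consider also writing the condition with explicit comparisons, `glob(src, 0, NULL, &g) != 0 || g.gl_pathc == 0`, since `gl_pathc` is a count and not a boolean.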

>Release-Note:
>Audit-Trail:

From: Peter Pentchev <roam@ringlet.net>
To: Eugene Podkopaev <eugene@emetex.ru>
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: misc/34019: sftp core dumped
Date: Fri, 18 Jan 2002 11:37:28 +0200

 On Fri, Jan 18, 2002 at 12:56:21AM -0800, Eugene Podkopaev wrote:
 > 
 > >Number:         34019
 > >Category:       misc
 > >Synopsis:       sftp core dumped
 > >Originator:     Eugene Podkopaev
 > >Release:        4.5-PRERELEASE
 > >Organization:
 > JSC EMETEX
 > >Environment:
 > FreeBSD selena 4.5-PRERELEASE FreeBSD 4.5-PRERELEASE #4: Tue Jan  8 13:07:29 MSK  2002     root@selena:/usr/obj/usr/src/sys/SELENA  i386
 > >Description:
 > sftp crashes when I try to upload a nonexisting file.
 > >How-To-Repeat:
 [snip]
 > # sftp selena.emetex.ru
 > Connecting to selena.emetex.ru...
 > sftp> put nonexisting
 > Segmentation fault (core dumped)
 > #
 
 Can you try the attached patch?  It should work for both -stable
 and -current with no modifications.
 
 After applying the patch, all you need to rebuild is sftp; something like
 cd /usr/src/secure/usr.bin/sftp && make && sudo make install
 should do the trick.
 
 G'luck,
 Peter
 
 -- 
 I am jealous of the first word in this sentence.
 
 Index: src/crypto/openssh/sftp-int.c
 ===================================================================
 RCS file: /home/ncvs/src/crypto/openssh/sftp-int.c,v
 retrieving revision 1.1.1.1.2.1
 diff -u -r1.1.1.1.2.1 sftp-int.c
 --- src/crypto/openssh/sftp-int.c	28 Sep 2001 01:33:34 -0000	1.1.1.1.2.1
 +++ src/crypto/openssh/sftp-int.c	18 Jan 2002 09:31:31 -0000
 @@ -357,7 +357,8 @@
  
  	memset(&g, 0, sizeof(g));
  	debug3("Looking up %s", abs_src);
 -	if (remote_glob(in, out, abs_src, 0, NULL, &g)) {
 +	if (remote_glob(in, out, abs_src, 0, NULL, &g) != 0 ||
 +	    g.gl_matchc == 0) {
  		error("File \"%s\" not found.", abs_src);
  		err = -1;
  		goto out;
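
Review bot: the `g.gl_matchc == 0` clause added to the `remote_glob()` condition needs a short comment saying why a zero return with an empty result is tolerated here, because a reader who expects a non-zero return on no match will take the second test for dead code. It is also worth stating whether `remote_glob()` itself is meant to return non-zero in that case, so the check could live in one place and not in every caller.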
 @@ -436,7 +437,7 @@
  
  	memset(&g, 0, sizeof(g));
  	debug3("Looking up %s", src);
 -	if (glob(src, 0, NULL, &g)) {
 +	if (glob(src, 0, NULL, &g) != 0 || g.gl_matchc == 0) {
  		error("File \"%s\" not found.", src);
  		err = -1;
  		goto out;
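
Review bot: `g.gl_matchc` in the local `glob()` condition is a BSD extension to `glob_t`; POSIX defines only `gl_pathc`, `gl_pathv` and `gl_offs`, so this line will not compile against a system glob that lacks the field. The originator's version of this same hunk tests `g.gl_pathc`, which should be equivalent here because the flags argument is 0 (no GLOB_APPEND or GLOB_NOCHECK), and it is the safer choice if the patch is also going to the OpenSSH developers.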
Responsible-Changed-From-To: freebsd-bugs->green 
Responsible-Changed-By: roam 
Responsible-Changed-When: Fri Jan 18 01:40:49 PST 2002 
Responsible-Changed-Why:  
Over to Brian Feldman, the maintainer of the FreeBSD OpenSSH. 

Brian, it seems that this bug is present in openssh-portable-3.0b1, too. 
My patch in the audit trail should fix it; I know that this patch should 
ideally be submitted to the OpenSSH developers and then naturally 
integrated into our OpenSSH, but in view of the impending 4.5-RELEASE, 
could it be committed directly into our tree to solve an obvious problem? 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=34019 

From: Peter Pentchev <roam@ringlet.net>
To: freebsd-gnats-submit@FreeBSD.org
Cc:  
Subject: Re: misc/34019: sftp core dumped
Date: Fri, 18 Jan 2002 11:48:47 +0200

 Adding this to the audit trail - it seems that the PR originator
 is satisfied with this patch.  I will submit it to the OpenSSH
 developers right now, but I still think that if no response is
 received from them in a day or three, this patch should be committed
 to the FreeBSD version and MFC'd immediately, so 4.5 ships with
 a working sftp client.
 
 G'luck,
 Peter
 
 -- 
 Do you think anybody has ever had *precisely this thought* before?
 
 ----- Forwarded message from ??????? ????????? <eugene@emetex.ru> -----
 
 From: "??????? ?????????" <eugene@emetex.ru>
 To: "Peter Pentchev" <roam@ringlet.net>
 Subject: Re: misc/34019: sftp core dumped
 Date: Fri, 18 Jan 2002 12:39:55 +0300
 X-Priority: 3
 X-MSMail-Priority: Normal
 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700
 
 Thank you!
 
 ----- End forwarded message -----

From: Damien Miller <djm@mindrot.org>
To: freebsd-gnats-submit@FreeBSD.org, eugene@emetex.ru
Cc:  
Subject: Re: misc/34019: sftp core dumped
Date: Sat, 19 Jan 2002 09:29:43 +1100

 Are you sure it is not your glob() implementation that is incorrect 
 here? sftp relies on glob to return non-zero (i.e. GLOB_NOMATCH) when no 
 files are matched. This works correctly on Linux, Solaris and OpenBSD.
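
The glob() contract debated in this thread, as an added example (not code from OpenSSH or FreeBSD): a single-file lookup that treats a non-zero return and an empty result list the same way, so the result vector is never indexed when nothing matched, whichever way the platform's glob() reports that. `first_match` and `demo_existing` are hypothetical names and the /tmp paths are constructed for the demonstration.

```c
#include <glob.h>
#include <stdio.h>
#include <string.h>

/* Copy the first path matching `pattern` into `out`. Returns 0 on success,
 * -1 if glob() failed, matched nothing, or the match does not fit. */
int first_match(const char *pattern, char *out, size_t outlen)
{
	glob_t g;
	int rc, ret = -1;

	memset(&g, 0, sizeof(g));
	rc = glob(pattern, 0, NULL, &g);
	/* A zero return alone is not taken as proof of a match: also
	 * require a non-empty result list before reading gl_pathv[0]. */
	if (rc == 0 && g.gl_pathc > 0 && g.gl_pathv[0] != NULL &&
	    strlen(g.gl_pathv[0]) < outlen) {
		strcpy(out, g.gl_pathv[0]);
		ret = 0;
	}
	globfree(&g);	/* releases any results glob() allocated */
	return ret;
}

/* Create a constructed file, look it up by exact name, remove it. */
int demo_existing(void)
{
	const char *path = "/tmp/globdemo_constructed.tmp";
	char found[256];
	FILE *f = fopen(path, "w");
	int ret;

	if (f == NULL)
		return -2;
	fclose(f);
	ret = first_match(path, found, sizeof(found));
	if (ret == 0 && strcmp(found, path) != 0)
		ret = -3;	/* glob returned something other than the file */
	remove(path);
	return ret;
}

int main(void)
{
	char found[256];

	printf("existing file: %d\n", demo_existing());
	printf("missing file:  %d\n", first_match(
	    "/tmp/globdemo_dir_absent/nonexisting", found, sizeof(found)));
	return 0;
}
```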
 
Responsible-Changed-From-To: green->des 
Responsible-Changed-By: green 
Responsible-Changed-When: Sat Jul 12 21:24:32 PDT 2003 
Responsible-Changed-Why:  
ssh over to DES 

State-Changed-From-To: open->closed 
State-Changed-By: des 
State-Changed-When: Tue Aug 19 03:47:28 PDT 2003 
State-Changed-Why:  
OBE 

>Unformatted:
