author | Anderson Toshiyuki Sasaki <ansasaki@redhat.com> | 2019-10-25 13:24:28 +0200 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2019-12-09 16:08:03 +0100 |
commit | c75d417d06867fd792b788e6281334621c2cd335 (patch) | |
tree | 60619fbba7fdd2a0b8365fb9db20d3db13113c1c | |
parent | 42c727d0c186a1e2fa84a31ab40e16e58b404ab3 (diff) | |
CVE-2019-14889: scp: Log SCP warnings received from the server
Fixes T181
Previously, warnings received from the server were ignored. With this
change the warning message sent by the server will be logged.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
-rw-r--r-- | src/scp.c | 75 |
1 files changed, 11 insertions, 64 deletions
@@ -113,7 +113,6 @@ int ssh_scp_init(ssh_scp scp)
 {
 int rc;
 char execbuffer[1024] = {0};
- uint8_t code;
 if (scp == NULL) {
 return SSH_ERROR;
@@ -157,19 +156,8 @@ int ssh_scp_init(ssh_scp scp)
 }
 if (scp->mode == SSH_SCP_WRITE) {
- rc = ssh_channel_read(scp->channel, &code, 1, 0);
- if (rc <= 0) {
- ssh_set_error(scp->session, SSH_FATAL,
- "Error reading status code: %s",
- ssh_get_error(scp->session));
- scp->state = SSH_SCP_ERROR;
- return SSH_ERROR;
- }
-
- if (code != 0) {
- ssh_set_error(scp->session, SSH_FATAL,
- "scp status code %ud not valid", code);
- scp->state = SSH_SCP_ERROR;
+ rc = ssh_scp_response(scp, NULL);
+ if (rc != 0) {
 return SSH_ERROR;
 }
 } else {
@@ -277,7 +265,6 @@ int ssh_scp_push_directory(ssh_scp scp, const char *dirname, int mode)
 {
 char buffer[1024] = {0};
 int rc;
- uint8_t code;
 char *dir = NULL;
 char *perms = NULL;
@@ -303,19 +290,8 @@ int ssh_scp_push_directory(ssh_scp scp, const char *dirname, int mode)
 return SSH_ERROR;
 }
- rc = ssh_channel_read(scp->channel, &code, 1, 0);
- if (rc <= 0) {
- ssh_set_error(scp->session, SSH_FATAL,
- "Error reading status code: %s",
- ssh_get_error(scp->session));
- scp->state = SSH_SCP_ERROR;
- return SSH_ERROR;
- }
-
- if (code != 0) {
- ssh_set_error(scp->session, SSH_FATAL, "scp status code %ud not valid",
- code);
- scp->state = SSH_SCP_ERROR;
+ rc = ssh_scp_response(scp, NULL);
+ if (rc != 0) {
 return SSH_ERROR;
 }
@@ -334,7 +310,6 @@ int ssh_scp_leave_directory(ssh_scp scp)
 {
 char buffer[] = "E\n";
 int rc;
- uint8_t code;
 if (scp == NULL) {
 return SSH_ERROR;
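Review bot: In the `ssh_scp_init` hunk (`@@ -157,19 +156,8 @@`) the new `if (rc != 0) { return SSH_ERROR; }` no longer sets `scp->state = SSH_SCP_ERROR`, which the removed code did for every non-zero status; the matching hunks in `ssh_scp_push_directory`, `ssh_scp_leave_directory` and `ssh_scp_push_file64` have the same shape. Of `ssh_scp_response` only the `code > 2` branch is visible on this page, and that branch does set the state, so whether a warning (1) or an error (2) leaves the handle marked as failed cannot be confirmed from here. If leaving the state untouched on a warning is intended, a comment at each call would record it, e.g. `/* non-zero: warning or error from the server; ssh_scp_response() has set the session error */`; otherwise restore `scp->state = SSH_SCP_ERROR;` before the return. Because `response` is passed as NULL, the server's message reaches the application only through the session error and the log, so that text should be handled as untrusted there (bounded length, non-printable bytes escaped); the code that does the logging is outside these hunks.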
@@ -352,18 +327,8 @@ int ssh_scp_leave_directory(ssh_scp scp)
 return SSH_ERROR;
 }
- rc = ssh_channel_read(scp->channel, &code, 1, 0);
- if (rc <= 0) {
- ssh_set_error(scp->session, SSH_FATAL, "Error reading status code: %s",
- ssh_get_error(scp->session));
- scp->state = SSH_SCP_ERROR;
- return SSH_ERROR;
- }
-
- if (code != 0) {
- ssh_set_error(scp->session, SSH_FATAL, "scp status code %ud not valid",
- code);
- scp->state = SSH_SCP_ERROR;
+ rc = ssh_scp_response(scp, NULL);
+ if (rc != 0) {
 return SSH_ERROR;
 }
@@ -395,7 +360,6 @@ int ssh_scp_push_file64(ssh_scp scp, const char *filename, uint64_t size,
 int rc;
 char *file = NULL;
 char *perms = NULL;
- uint8_t code;
 if (scp == NULL) {
 return SSH_ERROR;
@@ -422,19 +386,8 @@ int ssh_scp_push_file64(ssh_scp scp, const char *filename, uint64_t size,
 return SSH_ERROR;
 }
- rc = ssh_channel_read(scp->channel, &code, 1, 0);
- if (rc <= 0) {
- ssh_set_error(scp->session, SSH_FATAL,
- "Error reading status code: %s",
- ssh_get_error(scp->session));
- scp->state = SSH_SCP_ERROR;
- return SSH_ERROR;
- }
-
- if (code != 0) {
- ssh_set_error(scp->session, SSH_FATAL,
- "scp status code %ud not valid", code);
- scp->state = SSH_SCP_ERROR;
+ rc = ssh_scp_response(scp, NULL);
+ if (rc != 0) {
 return SSH_ERROR;
 }
@@ -498,7 +451,7 @@ int ssh_scp_response(ssh_scp scp, char **response)
 if (code > 2) {
 ssh_set_error(scp->session, SSH_FATAL,
- "SCP: invalid status code %ud received", code);
+ "SCP: invalid status code %u received", code);
 scp->state = SSH_SCP_ERROR;
 return SSH_ERROR;
 }
@@ -585,14 +538,8 @@ int ssh_scp_write(ssh_scp scp, const void *buffer, size_t len)
 * and handle */
 rc = ssh_channel_poll(scp->channel, 0);
 if (rc > 0) {
- rc = ssh_channel_read(scp->channel, &code, 1, 0);
- if (rc == SSH_ERROR) {
- return SSH_ERROR;
- }
-
- if (code == 1 || code == 2) {
- ssh_set_error(scp->session, SSH_REQUEST_DENIED,
- "SCP: Error: status code %i received", code);
+ rc = ssh_scp_response(scp, NULL);
+ if (rc != 0) {
 return SSH_ERROR;
 }
 } |
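Review bot: The new `ssh_scp_response(scp, NULL)` call in `ssh_scp_write` can presumably wait for more than the single byte that the removed `ssh_channel_read(scp->channel, &code, 1, 0)` consumed. `ssh_channel_poll` only reports that some data is pending, and for status 1 or 2 the helper is expected to read the message line that follows (its body is not shown on this page). A server that sends a status byte without completing the line would then stall the write path, so confirm that the helper's read is bounded in length and honours the session timeout. A short comment above the call would record the new contract, e.g. `/* consumes the status byte and any message that follows; non-zero means warning or error */`. The body of `ssh_scp_write` starts and continues outside the hunk.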