On Tue, 13 Dec 2022, Chris Rapier wrote:
> Ah, I was missing that it was bringing in those values from sftp-client.h.
>
> A couple of things
>
> > +++ b/scp.c
> > @@ -96,6 +96,7 @@
> > #include <time.h>
> > #include <unistd.h>
> > #include <limits.h>
> > +#include <util.h>
> > #include <vis.h>
>
> Is util.h a BSD library? My linux distro doesn't seem to have it. I did find
> it in FreeBSD but it doesn't seem necessary in linux unless it's a security
> feature.
Yes, libutil is a BSD library. It's included in libopenbsd-compat for
portable OpenSSH.
> > + case 'X':
> > + /* Please keep in sync with sftp.c -X */
> > + if (strncmp(optarg, "buffer=", 7) == 0) {
> > + r = scan_scaled(optarg + 7, &llv);
> > + if (r == 0 && (llv <= 0 || llv > 256 * 1024))
> > {
> > + r = -1;
> > + errno = EINVAL;
>
> It seems that 256 * 1024 is too large here.
>
> "./scp -Xbuffer=262144 ~/50GB kilo:~
> scp: Outbound message too long 262169"
so don't do that :) I'm only trying to stop the user wasting so much memory
as to cause problems for the system here.
-d
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
