[scponly] Re: scponly bug

joe joe at sublimation.org
Tue Sep 17 01:58:09 EDT 2002 

If you increase debuglevel to just "1" it should increase output only to
syslog, if i remember correctly.

thanks again,
joe

----

PGP KEY: http://www.sublimation.org/contact.html
PGP Key fingerprint = EC4B 0DA5 B4F6 BDDD 9176 55D6 3A6A 7D63 158F 22D2


On Tue, 17 Sep 2002, Zdenek Hladik wrote:

> Hi,
>
> I tried to fix yesterday mentioned error - succesfully. But there are
> still often situations ending in signal 11. So it will be good to
> revise coding. If there are those problems it is very probably also
> possible buffer overflow vulnerability problems.
>
> On 16 Sep 02, at 10:28, joe wrote:
>
> >
> > Zdenek,
> >
> > Thanks for emailing me.  I am hoping I can ask you some more questions
> > about the problems you mention.  see questions inline...
> >
> > On Mon, 16 Sep 2002, Zdenek Hladik wrote:
> > > Hello,
> > >
> > > I just tried to test your SCPONLY package. It seems to by little
> > > messy package. It seems that 3.1 pakage nobody tested on Linux. make
> > > jail ends with crazy error. But it is not big problem because chroot
> > > for making jail is on Internet lot of other cookbooks.
> >
> > Could you send me this error?
> >
> > > But more serious problem i got. At first I believed that i made wrong
> > > chroot jail, but after adding some debug messages to scponly.c i
> > > found that scponlyc crashes inside
> > >
> > >        flatten_vector()
> > >
> > > on processing of scp -r -p -d "somefile" command from winscp. with
> > > exit signal 11 (memory violation).
> >
> > If possible, could you increase your debugging output (edit
> > /usr/local/etc/scponly/debugfile andchange value inside the file to "2")
> > and rerun your winscp program to cause the crash.  It would be very
> > valuable if i could see the debugging output.
>
> Incrieasing debug level totally mess Winscp. It is better to change
> destionation on some debug level to log file instead to stdout...
>
> >
> > > Because I did not understand purposes of flattening i simply used
> > > "request" variable instead of flatted_request" and it started to
> > > work.
> >
> > flatten_vector() takes an argument vector (like char **argv) and changes
> > it into a regular C string (char *).  it does this by placing a
> > single space between each argument in the argument vector.   i will audit
> > this code and try to find the problem.
> >
> > > So, please check your flatten_vector() routine - somewhere must be
> > > problem, probably with pointers. (as very commoin in C language)
> > >
> > > Even with those problems I believe that it is very valuable package
> > > and I hope also that Openssh authors incoproprate supporting features
> > >  to future versions of package. So much thans for your work...
> > >
> > > bye
> > >                                     Zdenek Hladik
> > >                                          I M A
> > >
> > >
> > >
> > >
> > >
> >
> >
>
>

More information about the scponly mailing list