[scponly] Re: scponly bug

joe joe at sublimation.org
Tue Sep 17 12:21:13 EDT 2002


Zdenek,

Yes, the wildcard expansion code is complex - I don't think anyone is going
to dispute that with you.  I'm more than open to suggestions on addressing
any problem with general complexity or a specific bug.  I'm not sure what,
if anything, you are advising.  You may not realize scponly-3.1 is a BETA
release still.  If you require more robustness, you may prefer
scponly-2.4.tgz

I haven't taken a long hard look at any of the problems you have mentioned
yet, but I do intend to, and I appreciate the information you have sent.
Do not hesitate to send more if you find anything else.

joe

On Tue, 17 Sep 2002, Zdenek Hladik wrote:
> On 17 Sep 02, at 0:58, joe wrote:
>
> >
> >
> > If you increase debuglevel to just "1" it should increase output only to
> > syslog, if I remember correctly.
>
> Yes I know this fact, I studied source. But in case of crash of
> scponly binary there is only message about signal 11 end. So I
> identified place by adding tracinglog writes to source. I am not unix
> fluent programmer so I don't know how to make core dump. Maybe you
> can do it and after receiving some feedback core dump files you will
> be able to find problem.
>
> Sorry but I believe you are not yet very fluent in C pointers
> pitfall. (Nobody I know is enough). You use quite complex
> constructions and I am afraid it is full of bugs. Dangerous bugs
> because writing to area of other variables cause very random
> behaviour of program.
>
> For example. Now after mentioned fix program work quite good, but
> sometimes crashes on deletion of directory. I repeated several times
> test and crash depends if I copied before deletion some dirs or
> not...
>
>                                            Zdenek Hladik
>
> >
> > thanks again,
> > joe
> >
> > ----
> >
> > PGP KEY: http://www.sublimation.org/contact.html
> > PGP Key fingerprint = EC4B 0DA5 B4F6 BDDD 9176 55D6 3A6A 7D63 158F 22D2
> >
> >
> > On Tue, 17 Sep 2002, Zdenek Hladik wrote:
> >
> > > Hi,
> > >
> > > I tried to fix yesterday mentioned error - successfully. But there are
> > > still often situations ending in signal 11. So it will be good to
> > > revise coding. If there are those problems it is very probably also
> > > possible buffer overflow vulnerability problems.
> > >
> > > On 16 Sep 02, at 10:28, joe wrote:
> > >
> > > >
> > > > Zdenek,
> > > >
> > > > Thanks for emailing me.  I am hoping I can ask you some more questions
> > > > about the problems you mention.  see questions inline...
> > > >
> > > > On Mon, 16 Sep 2002, Zdenek Hladik wrote:
> > > > > Hello,
> > > > >
> > > > > I just tried to test your SCPONLY package. It seems to be little
> > > > > messy package. It seems that 3.1 package nobody tested on Linux. make
> > > > > jail ends with crazy error. But it is not big problem because chroot
> > > > > for making jail is on Internet lot of other cookbooks.
> > > >
> > > > Could you send me this error?
> > > >
> > > > > But more serious problem I got. At first I believed that I made wrong
> > > > > chroot jail, but after adding some debug messages to scponly.c I
> > > > > found that scponlyc crashes inside
> > > > >
> > > > >        flatten_vector()
> > > > >
> > > > > on processing of scp -r -p -d "somefile" command from winscp. with
> > > > > exit signal 11 (memory violation).
> > > >
> > > > If possible, could you increase your debugging output (edit
> > > > /usr/local/etc/scponly/debugfile and change value inside the file to "2")
> > > > and rerun your winscp program to cause the crash.  It would be very
> > > > valuable if I could see the debugging output.
> > >
> > > Increasing debug level totally mess Winscp. It is better to change
> > > destination on some debug level to log file instead to stdout...
> > >
> > > >
> > > > > Because I did not understand purposes of flattening I simply used
> > > > > "request" variable instead of "flatted_request" and it started to
> > > > > work.
> > > >
> > > > flatten_vector() takes an argument vector (like char **argv) and changes
> > > > it into a regular C string (char *).  It does this by placing a
> > > > single space between each argument in the argument vector.  I will audit
> > > > this code and try to find the problem.
> > > >
> > > > > So, please check your flatten_vector() routine - somewhere must be
> > > > > problem, probably with pointers. (as very common in C language)
> > > > >
> > > > > Even with those problems I believe that it is very valuable package
> > > > > and I hope also that Openssh authors incorporate supporting features
> > > > > to future versions of package. So much thanks for your work...
> > > > >
> > > > > bye
> > > > >                                     Zdenek Hladik
> > > > >                                          I M A
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
>
>
> _______________________________________________
> scponly mailing list
> scponly at lists.ccs.neu.edu
> https://lists.ccs.neu.edu/bin/listinfo/scponly
>

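The join that joe describes for flatten_vector() (argument vector in, one space-separated C string out), written here as an added example; it is not scponly's code and not from either poster. The name join_args and the sample vector are assumptions, and the code sizes the buffer in a first pass so the copy cannot write past the allocation.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* join_args() is a hypothetical name; this is not scponly's flatten_vector().
 * Joins a NULL-terminated argument vector into one newly allocated string
 * with a single space between arguments. Returns NULL on a NULL vector,
 * size overflow or allocation failure; the caller frees the result. */
char *join_args(char *const *argv)
{
    size_t total = 1, pos = 0, i;        /* total starts at 1 for the NUL */
    char *out;

    if (argv == NULL)
        return NULL;

    /* Pass 1: compute the exact size, refusing size_t wraparound. */
    for (i = 0; argv[i] != NULL; i++) {
        size_t need = strlen(argv[i]) + (i > 0 ? 1 : 0);   /* + separator */
        if (need > SIZE_MAX - total)
            return NULL;
        total += need;
    }
    out = malloc(total);
    if (out == NULL)
        return NULL;

    /* Pass 2: copy at a tracked offset; pos never exceeds total - 1. */
    for (i = 0; argv[i] != NULL; i++) {
        size_t len = strlen(argv[i]);
        if (i > 0)
            out[pos++] = ' ';
        memcpy(out + pos, argv[i], len);
        pos += len;
    }
    out[pos] = '\0';
    return out;
}

int main(void)
{
    /* Constructed input modelled on the command quoted in the thread. */
    char *req[] = { "scp", "-r", "-p", "-d", "somefile", NULL };
    char *flat = join_args(req);
    if (flat == NULL) return 1;
    printf("%s\n", flat);
    free(flat);
    return 0;
}
```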


