[scponly] scponly 4.2 released (IMPORTANT SECURITY FIXES)

Thu Dec 22 09:22:10 EST 2005

Hi,

I'm glad to see new scponly release, and thank all of you who
involved in this release.

By the way, I found that WinSCP in SCP mode shows following error
messages and no home directory will be appeared when session started.
(SFTP mode works fine).

  Error

    Error looking up user groups.

      Command 'groups'
      failed with return code 0 and error message
      -scponly in free(): warning: junk pointer, too low to make sense.

  Error

    getting name of current remote directory.

      Command 'pwd'
      failed with return code 0 and error message
      -scponly in free(): warning: junk pointer, too low to make sense.

  ...

This problem rises when scponly is built with following arguments to
a configure script:

  --enable-scp-compat --enable-winscp-compat

It can be work around with attached patch.  Hope this helps.

Regards,

-- rushani

--- scponly.c.orig	Thu Dec 22 08:12:22 2005
+++ scponly.c	Thu Dec 22 23:19:28 2005
@@ -611,7 +611,9 @@
 				fflush(stdout);
 				fflush(stderr);
 				discard_vector(av);
+#ifdef USE_SAFE_ENVIRONMENT
 				discard_vector(safeenv);
+#endif
 				free(flat_request);
 				free(tmprequest);
 				return(WEXITSTATUS(status));
@@ -629,7 +631,9 @@
 		syslog(LOG_ERR, "failed: %s with error %s(%u) (%s)", flat_request, strerror(errno), errno, logstamp());
 		free(flat_request);
 		discard_vector(av);
+#ifdef USE_SAFE_ENVIRONMENT
 		discard_vector(safeenv);
+#endif
 #ifdef WINSCP_COMPAT
 		if (winscp_mode)
 		{

