[scponly] scp blues

Kaleb Pederson kpederson at mail.ewu.edu
Fri Mar 17 11:39:03 EST 2006


Patch attached.  Thanks for the details.

That bug was my fault :(.  When I setup the "safe" environment processing I 
hadn't realized that discard_vector() tried to free the entire original array 
(not just the children).  However, the base array was compiler allocated, and 
thus didn't need to be freed within the code.

The attached patch dynamically allocates the space for the environment 
variables instead of it being compiler allocated.  Thus, when discard_vector 
frees the space, it was truly dynamically allocated.

Thanks.

--Kaleb

On Thursday 16 March 2006 3:59 pm, Daniel Webb wrote:
> On Thu, Mar 16, 2006 at 02:18:31AM -0700, Daniel Webb wrote:
> > By the way, the "invalid pointer" message still comes up any time I try
> > to execute a command that's not allowed:
> >
> > ----
> > Command '<something>' failed with return code 0 and error message
> > free(): invalid pointer 0x804dae0!
> > ----
> >
> > Normally, trying to free invalid pointers is a bad thing.  Am I the only
> > one seeing this?
>
> Some more info, with debug.  From WinSCP when I try to open a "command
> window":
>
> ----
> Command 'groups' failed with return code -1 and error message
> free(): invalid pointer 0x804dae0!
> ----
>
> ----
> Command 'pwd' failed with return code 0 and error message
> free(): invalid pointer 0x804dae0!
> ----
>
> I don't see anything at all in syslog.  If I turn up debuglevel to 6 (which
> I picked out of the blue), and try at a Linux shell:
>
> ssh -v -p 10006 bobo at localhost groups
>
> (I have ssh only listening on 10006 for this user) I get:
>
> ----
> <snip>
>
> Password:
> debug1: Authentication succeeded (keyboard-interactive).
> debug1: channel 0: new [client-session]
> debug1: Entering interactive session.
> debug1: Sending command: groups
> scponly[544]: chrooted binary in place, will chroot()
> scponly[544]: 3 arguments in total.
> scponly[544]:   arg 0 is scponlyc
> scponly[544]:   arg 1 is -c
> scponly[544]:   arg 2 is groups
> scponly[544]: opened log at LOG_AUTHPRIV, opts 0x00000029
> scponly[544]: retrieved home directory of
> "/home/sbs/store000/bobo//home/main" for user "bobo"
> scponly[544]: chrooting to dir: "/home/sbs/store000/bobo"
> scponly[544]: chdiring to dir: "/home/main"
> scponly[544]: setting uid to 1019
> scponly[544]: processing request: "groups"
> scponly[544]: Unable to find "LOG_SFTP" in the environment
> scponly[544]: Found "USER" and setting it to "bobo"
> scponly[544]: Unable to find "SFTP_UMASK" in the environment
> scponly[544]: Unable to find "SFTP_PERMIT_CHMOD" in the environment
> scponly[544]: Unable to find "SFTP_PERMIT_CHOWN" in the environment
> scponly[544]: Unable to find "SFTP_LOG_LEVEL" in the environment
> scponly[544]: Unable to find "SFTP_LOG_FACILITY" in the environment
> scponly[544]: Found "HOME" and setting it to
> "/home/sbs/store000/bobo//home/main"
> scponly[544]: Environment contains "USER=bobo"
> scponly[544]: Environment contains
> "HOME=/home/sbs/store000/bobo//home/main" scponly[544]: set HOME
> environment variable to / username: bobo(1019), IP/port:
> ::ffff:127.0.0.14925 10006
>
> scponly[544]: running: /usr/bin/groups (username: bobo(1019), IP/port:
> ::ffff:127.0.0.1 4925 10006)
>
> scponly[544]: failed: /usr/bin/groups with error No such file or
> directory(2) (username: bobo(1019), IP/port: ::ffff:127.0.0.1 4925 10006)
> free(): invalid pointer 0x804dae0!
> debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
> debug1: channel 0: free: client-session, nchannels 1
> debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.1 seconds
> debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
> debug1: Exit status 2
> ----
>
> _______________________________________________
> scponly mailing list
> scponly at lists.ccs.neu.edu
> https://lists.ccs.neu.edu/bin/listinfo/scponly
-------------- next part --------------
A non-text attachment was scrubbed...
Name: scponly-safeenv.diff
Type: text/x-diff
Size: 1587 bytes
Desc: not available
Url : https://lists.ccs.neu.edu/pipermail/scponly/attachments/20060317/c43eff63/scponly-safeenv.bin


More information about the scponly mailing list