romenskiy2012/curl
1
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2026-06-21 02:15:37 +03:00
Code Issues Projects Releases Packages Wiki Activity

libssh: error on bad chown number and store the value

Browse source 
To avoid continuing with an unintended zero uid. Also actually use the
value, which was omitted before!

Reported in Joshua's sarif data

Closes #18639
This commit is contained in:
Daniel Stenberg 2025-09-20 15:00:37 +02:00
parent ca8ec6e033
commit df8244c30f
No known key found for this signature in database
GPG key ID: 5CC908FDB71E12C2
1 changed files with 2 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

5
lib/vssh/libssh.c
View file

@ -1838,9 +1838,7 @@ static int myssh_in_SFTP_QUOTE_STAT(struct Curl_easy *data,
else if(!strncmp(cmd, "chown", 5)) {
const char *p = sshc->quote_path1;
curl_off_t uid;
(void)curlx_str_number(&p, &uid, UINT_MAX);
if(sshc->quote_attrs->uid == 0 && !ISDIGIT(sshc->quote_path1[0]) &&
!sshc->acceptfail) {
if(curlx_str_number(&p, &uid, UINT_MAX)) {
Curl_safefree(sshc->quote_path1);
Curl_safefree(sshc->quote_path2);
failf(data, "Syntax error: chown uid not a number");
@ -1849,6 +1847,7 @@ static int myssh_in_SFTP_QUOTE_STAT(struct Curl_easy *data,
sshc->actualcode = CURLE_QUOTE_ERROR;
return SSH_NO_ERROR;
}
sshc->quote_attrs->uid = (uint32_t)uid;
sshc->quote_attrs->flags |= SSH_FILEXFER_ATTR_UIDGID;
}
else if(!strncmp(cmd, "atime", 5) ||