From df8244c30fa80cc9310a096f9c4c024a76ad1bc6 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Sat, 20 Sep 2025 15:00:37 +0200 Subject: [PATCH] libssh: error on bad chown number and store the value To avoid continuing with an unintended zero uid. Also actually use the value, which was omitted before! Reported in Joshua's sarif data Closes #18639 --- lib/vssh/libssh.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/lib/vssh/libssh.c b/lib/vssh/libssh.c index be8336ad0a..56f21d85e9 100644 --- a/lib/vssh/libssh.c +++ b/lib/vssh/libssh.c @@ -1838,9 +1838,7 @@ static int myssh_in_SFTP_QUOTE_STAT(struct Curl_easy *data, else if(!strncmp(cmd, "chown", 5)) { const char *p = sshc->quote_path1; curl_off_t uid; - (void)curlx_str_number(&p, &uid, UINT_MAX); - if(sshc->quote_attrs->uid == 0 && !ISDIGIT(sshc->quote_path1[0]) && - !sshc->acceptfail) { + if(curlx_str_number(&p, &uid, UINT_MAX)) { Curl_safefree(sshc->quote_path1); Curl_safefree(sshc->quote_path2); failf(data, "Syntax error: chown uid not a number"); @@ -1849,6 +1847,7 @@ static int myssh_in_SFTP_QUOTE_STAT(struct Curl_easy *data, sshc->actualcode = CURLE_QUOTE_ERROR; return SSH_NO_ERROR; } + sshc->quote_attrs->uid = (uint32_t)uid; sshc->quote_attrs->flags |= SSH_FILEXFER_ATTR_UIDGID; } else if(!strncmp(cmd, "atime", 5) ||