From: Daniel Stenberg Date: Sat, 20 Sep 2025 13:00:37 +0000 (+0200) Subject: libssh: error on bad chown number and store the value X-Git-Tag: rc-8_17_0-2~430 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=df8244c30fa80cc9310a096f9c4c024a76ad1bc6;p=thirdparty%2Fcurl.git libssh: error on bad chown number and store the value To avoid continuing with an unintended zero uid. Also actually use the value, which was omitted before! Reported in Joshua's sarif data Closes #18639
---
diff --git a/lib/vssh/libssh.c b/lib/vssh/libssh.c
index be8336ad0a..56f21d85e9 100644
--- a/lib/vssh/libssh.c
+++ b/lib/vssh/libssh.c
@@ -1838,9 +1838,7 @@ static int myssh_in_SFTP_QUOTE_STAT(struct Curl_easy *data,
 else if(!strncmp(cmd, "chown", 5)) {
 const char *p = sshc->quote_path1;
 curl_off_t uid;
- (void)curlx_str_number(&p, &uid, UINT_MAX);
- if(sshc->quote_attrs->uid == 0 && !ISDIGIT(sshc->quote_path1[0]) &&
- !sshc->acceptfail) {
+ if(curlx_str_number(&p, &uid, UINT_MAX)) {
 Curl_safefree(sshc->quote_path1);
 Curl_safefree(sshc->quote_path2);
 failf(data, "Syntax error: chown uid not a number");
@@ -1849,6 +1847,7 @@ static int myssh_in_SFTP_QUOTE_STAT(struct Curl_easy *data,
 sshc->actualcode = CURLE_QUOTE_ERROR;
 return SSH_NO_ERROR;
 }
+ sshc->quote_attrs->uid = (uint32_t)uid;
 sshc->quote_attrs->flags |= SSH_FILEXFER_ATTR_UIDGID;
 }
 else if(!strncmp(cmd, "atime", 5) ||
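Review bot: The new check `if(curlx_str_number(&p, &uid, UINT_MAX))` in the chown branch accepts a uid argument that merely starts with a digit, because nothing looks at what `p` points to after the parse. If curlx_str_number stops at the first non-digit, as its pointer-advancing signature suggests, an argument such as `0x10` would be taken as uid 0, which is the unintended-zero case this commit sets out to prevent. Consider rejecting trailing characters as well, `if(curlx_str_number(&p, &uid, UINT_MAX) || *p) {`, provided quote_path1 holds only the uid token at this point. The condition also no longer consults `sshc->acceptfail`, so a malformed uid now presumably fails even for a command marked as allowed to fail; that looks intentional but deserves a mention in the description. The enclosing function starts and ends outside the hunk.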
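Review bot: The narrowing cast in `sshc->quote_attrs->uid = (uint32_t)uid;` is only lossless because the parse in the previous hunk caps the value at `UINT_MAX`, and that coupling is not stated anywhere near the assignment. A one-line comment such as `/* uid <= UINT_MAX was enforced by the parse above, so the cast cannot truncate */` would keep a later change to the limit from silently wrapping the uid. This holds as long as unsigned int is 32 bits wide on the supported targets.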