From 9f18cb6544bbf47e2e2fad6564bc03098273c7bc Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Thu, 18 Sep 2025 14:02:51 +0200 Subject: [PATCH] libssh2: error check and null-terminate in ssh_state_sftp_readdir_link() - null-terminate the result to match the other getter `libssh2_sftp_symlink_ex()` call. - check negative result and bail out early. Reported-by: Joshua Rogers Closes #18598 --- lib/vssh/libssh2.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/lib/vssh/libssh2.c b/lib/vssh/libssh2.c index 5dfc377ec1..73d48077b5 100644 --- a/lib/vssh/libssh2.c +++ b/lib/vssh/libssh2.c @@ -2405,6 +2405,12 @@ static CURLcode ssh_state_sftp_readdir_link(struct Curl_easy *data, curlx_dyn_free(&sshp->readdir_link); + if(rc < 0) + return CURLE_OUT_OF_MEMORY; + + /* It seems that this string is not always null-terminated */ + sshp->readdir_filename[rc] = '\0'; + /* append filename and extra output */ result = curlx_dyn_addf(&sshp->readdir, " -> %s", sshp->readdir_filename); if(result) -- 2.47.3