From: djm@openbsd.org
Date: Fri, 5 Jun 2026 08:48:43 +0000 (+0000)
Subject: upstream: avoid truncation of pathnames headed to lstat() for
X-Git-Url: http://git.ipfire.org/gitweb/index.cgi?a=commitdiff_plain;h=refs%2Fremotes%2Fgithub-selfhosted%2Fmaster;p=thirdparty%2Fopenssh-portable.git
upstream: avoid truncation of pathnames headed to lstat() for systems where PATH_MAX is not the actual max; reported by sahvx655-wq via GHPR688
OpenBSD-Commit-ID: fcbeeff99d857f2f3916ad06570fa05fc38b0f07
---
diff --git a/sftp-server.c b/sftp-server.c
index ed57339d5..156d5ece5 100644
--- a/sftp-server.c
+++ b/sftp-server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp-server.c,v 1.154 2026/05/31 04:59:51 djm Exp $ */
+/* $OpenBSD: sftp-server.c,v 1.155 2026/06/05 08:48:43 djm Exp $ */
 /*
 * Copyright (c) 2000-2004 Markus Friedl. All rights reserved.
 *
@@ -1136,7 +1136,7 @@ process_readdir(uint32_t id)
 send_status(id, SSH2_FX_FAILURE);
 } else {
 struct stat st;
- char pathname[PATH_MAX];
+ char *pathname;
 Stat *stats;
 int nstats = 10, count = 0, i;
 
@@ -1146,10 +1146,11 @@ process_readdir(uint32_t id)
 nstats *= 2;
 stats = xreallocarray(stats, nstats, sizeof(Stat));
 }
-/* XXX OVERFLOW ? */
- snprintf(pathname, sizeof pathname, "%s%s%s", path,
+ xasprintf(&pathname, "%s%s%s", path,
 strcmp(path, "/") ? "/" : "", dp->d_name);
- if (lstat(pathname, &st) == -1)
+ r = lstat(pathname, &st);
+ free(pathname);
+ if (r == -1)
 continue;
 stat_to_attrib(&st, &(stats[count].attrib));
 stats[count].name = xstrdup(dp->d_name);
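Review bot: The `xasprintf()` call in the third hunk, which replaces the fixed `pathname[PATH_MAX]` buffer, carries no comment explaining why the name is now heap-allocated, and the removed `/* XXX OVERFLOW ? */` marker was the only hint that truncation mattered at this spot. A one-line comment above it, such as `/* PATH_MAX is not a hard limit on all systems; a truncated name would lstat() some other path */`, would stop a later cleanup from reintroducing a stack buffer. `r` is assigned here but declared outside the hunk (process_readdir starts and ends outside it), so it is presumably an existing `int`; worth confirming. Because the joined string is freed immediately after the call, looking the entry up relative to the already-open directory with `fstatat()` and `AT_SYMLINK_NOFOLLOW` would avoid building the path and the per-entry allocation altogether, if the portable tree can depend on that call.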