Libcurl-7.58.0: SFtp access causing access violation #2312

Closed
skundu07 opened this Issue Feb 15, 2018 · 3 comments


Dear developers,

The latest Libcurl v7.58.0 is causing an access violation in debug mode when connecting to an SFTP site.

It seems this issue was introduced in the last release after adding LIBSSH support. It affects all OSes.

Here is the cause of this issue.

In the latest build, you have added the new enum constants SSH_AUTH_GSSAPI (at line no. 57) and SSH_SCP_DOWNLOAD (at line no. 93) in the "ssh.h" file under the "lib" folder. But you have forgotten to add the corresponding string constants to the static char pointer array "names[]" at line number 328 in the "ssh.c" file. This is causing an access violation at line number 393 in "ssh.c" when the state value is 'SSH_SESSION_FREE' or 'SSH_QUIT'.

So, you need to add these state strings to the "names[]" array to fix this issue. It will then look like this:

ssh.c @ 328

static const char * const names[] = {
  "SSH_STOP",
  "SSH_INIT",
  "SSH_S_STARTUP",
  "SSH_HOSTKEY",
  "SSH_AUTHLIST",
  "SSH_AUTH_PKEY_INIT",
  "SSH_AUTH_PKEY",
  "SSH_AUTH_PASS_INIT",
  "SSH_AUTH_PASS",
  "SSH_AUTH_AGENT_INIT",
  "SSH_AUTH_AGENT_LIST",
  "SSH_AUTH_AGENT",
  "SSH_AUTH_HOST_INIT",
  "SSH_AUTH_HOST",
  "SSH_AUTH_KEY_INIT",
  "SSH_AUTH_KEY",
  "SSH_AUTH_GSSAPI",
  "SSH_AUTH_DONE",
  "SSH_SFTP_INIT",
  "SSH_SFTP_REALPATH",
  "SSH_SFTP_QUOTE_INIT",
  "SSH_SFTP_POSTQUOTE_INIT",
  "SSH_SFTP_QUOTE",
  "SSH_SFTP_NEXT_QUOTE",
  "SSH_SFTP_QUOTE_STAT",
  "SSH_SFTP_QUOTE_SETSTAT",
  "SSH_SFTP_QUOTE_SYMLINK",
  "SSH_SFTP_QUOTE_MKDIR",
  "SSH_SFTP_QUOTE_RENAME",
  "SSH_SFTP_QUOTE_RMDIR",
  "SSH_SFTP_QUOTE_UNLINK",
  "SSH_SFTP_QUOTE_STATVFS",
  "SSH_SFTP_GETINFO",
  "SSH_SFTP_FILETIME",
  "SSH_SFTP_TRANS_INIT",
  "SSH_SFTP_UPLOAD_INIT",
  "SSH_SFTP_CREATE_DIRS_INIT",
  "SSH_SFTP_CREATE_DIRS",
  "SSH_SFTP_CREATE_DIRS_MKDIR",
  "SSH_SFTP_READDIR_INIT",
  "SSH_SFTP_READDIR",
  "SSH_SFTP_READDIR_LINK",
  "SSH_SFTP_READDIR_BOTTOM",
  "SSH_SFTP_READDIR_DONE",
  "SSH_SFTP_DOWNLOAD_INIT",
  "SSH_SFTP_DOWNLOAD_STAT",
  "SSH_SFTP_CLOSE",
  "SSH_SFTP_SHUTDOWN",
  "SSH_SCP_TRANS_INIT",
  "SSH_SCP_UPLOAD_INIT",
  "SSH_SCP_DOWNLOAD_INIT",
  "SSH_SCP_DOWNLOAD",
  "SSH_SCP_DONE",
  "SSH_SCP_SEND_EOF",
  "SSH_SCP_WAIT_EOF",
  "SSH_SCP_WAIT_CLOSE",
  "SSH_SCP_CHANNEL_FREE",
  "SSH_SESSION_DISCONNECT",
  "SSH_SESSION_FREE",
  "QUIT"
};

Thanks for looking into this issue.

Regards,
Somnath Kundu

bagder Feb 15, 2018

Owner

Ack, fortunately it only happens in debug-builds. Fix pending.


bagder added a commit that referenced this issue Feb 15, 2018

ssh: add two missing state names
The list of state names (used in debug builds) was out of sync in
relation to the list of states (used in all builds).

I now added an assert to make sure the sizes of the two lists match, to
aid in detecting this mistake better in the future.

Regression since c92d2e1, shipped in 7.58.0.

Reported-by: skundu07 on github

Fixes #2312

@bagder bagder closed this in 797b210 Feb 16, 2018
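
The guard described in the commit message above, sketched as an added example (not curl's code and not part of the original thread); the states, tables and helper names are hypothetical. It puts a stale name table next to a synced one, with a C11 compile-time size check and a bounds-checked lookup.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical state machine, not curl's. ST_AUTH_GSSAPI and ST_DOWNLOAD
   stand for states added in a later release, as in this issue. */
typedef enum {
  ST_STOP, ST_INIT, ST_AUTH_KEY, ST_AUTH_GSSAPI, ST_AUTH_DONE,
  ST_DOWNLOAD, ST_SESSION_FREE, ST_QUIT,
  ST_LAST /* sentinel: number of states, never a real state */
} demo_state;

#define ARRAY_LEN(a) (sizeof(a) / sizeof((a)[0]))

/* Stale table: the two new names are missing, so 6 entries serve 8 states.
   Unchecked indexing with the last two states would read past the end. */
static const char *const stale_names[] = {
  "ST_STOP", "ST_INIT", "ST_AUTH_KEY", "ST_AUTH_DONE",
  "ST_SESSION_FREE", "ST_QUIT"
};

/* Synced table: one name per state, in enum order. */
static const char *const names[] = {
  "ST_STOP", "ST_INIT", "ST_AUTH_KEY", "ST_AUTH_GSSAPI", "ST_AUTH_DONE",
  "ST_DOWNLOAD", "ST_SESSION_FREE", "ST_QUIT"
};

/* Compile-time guard (C11): the build breaks if the two lists drift. */
_Static_assert(ARRAY_LEN(names) == ST_LAST, "names[] out of sync with enum");

/* Same check in a form usable at run time, e.g. inside a debug assert. */
static int table_in_sync(size_t count) { return count == (size_t)ST_LAST; }

/* Bounds-checked lookup: never index past the table that was passed in. */
static const char *state_name(const char *const *tbl, size_t count,
                              demo_state s)
{
  if((size_t)s >= count)
    return "(unknown state)";
  return tbl[s];
}

int main(void)
{
  int s;
  for(s = 0; s < ST_LAST; s++) /* print both lookups side by side */
    printf("%d: synced=%s stale=%s\n", s,
           state_name(names, ARRAY_LEN(names), (demo_state)s),
           state_name(stale_names, ARRAY_LEN(stale_names), (demo_state)s));
  return strcmp(state_name(names, ARRAY_LEN(names), ST_QUIT), "ST_QUIT");
}
```

Besides the out-of-range reads for the last two states, the stale table also mislabels every state after the first missing entry, which the size check catches as well.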

bagder Feb 16, 2018

Owner

Thanks for the report!


fsedano added a commit to fsedano/curl that referenced this issue Feb 20, 2018

ssh: add two missing state names
The list of state names (used in debug builds) was out of sync in
relation to the list of states (used in all builds).

I now added an assert to make sure the sizes of the two lists match, to
aid in detecting this mistake better in the future.

Regression since c92d2e1, shipped in 7.58.0.

Reported-by: Somnath Kundu

Fixes #2312
Closes #2313