Bug 652535 – query_info_reply() for sftp backend sets symlink target incorrectly

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 652535 - query_info_reply() for sftp backend sets symlink target incorrectly


Summary:	query_info_reply() for sftp backend sets symlink target incorrectly


Status:	RESOLVED FIXED

Product:	gvfs
Classification:	Core
Component:	sftp backend
Version:	1.8.x
Hardware:	Other Linux

Importance:	Normal normal
Target Milestone:	---
Assigned To:	gvfs-maint
QA Contact:	gvfs-maint

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2011-06-14 09:17 UTC by Alexandre Rostovtsev
Modified:	2012-11-26 15:55 UTC

See Also:
GNOME target:	---
GNOME version:	---

Attachments
Simple patch to correctly parse the symlink target (1.20 KB, patch) 2011-06-14 09:19 UTC, Alexandre Rostovtsev	none	Details \| Review
screenshot of the issue (22.34 KB, image/png) 2012-11-26 13:00 UTC, Ritesh Khadgaray ( irc:ritz)		Details

Description Alexandre Rostovtsev 2011-06-14 09:17:21 UTC

In SSH_FXP_NAME messages, the name field is preceded by a uint32 count field. query_info_reply() in gvfsbackendsftp.c does not take the existence of the count field into account, and so sets symlink targets incorrectly. Specifically: since the SSH_FXP_NAME reply to an SSH_FXP_READLINK message always has count == 1, the symlink target always gets set to NULL, which is in the best case useless, and in the worst case leads to segmentation faults (see bug 652526).

For a simple demonstration, use gvfs-info to stat a symlink on an ssh mount.

This bug is present both in 1.8.x and 1.9.x versions of sftp.

Comment 1 Alexandre Rostovtsev 2011-06-14 09:19:36 UTC

Created attachment 189878 [details] [review]
Simple patch to correctly parse the symlink target

Comment 2 Ritesh Khadgaray ( irc:ritz) 2012-11-26 13:00:46 UTC

Created attachment 229901 [details]
screenshot of the issue

__self:

6.10 Dealing with Symbolic links

    The SSH_FXP_READLINK request may be used to read the target of a
   symbolic link.  It would have a data part as follows:

   	uint32     id
   	string     path

   where `id' is the request identifier and `path' specifies the path
   name of the symlink to be read.

   The server will respond with a SSH_FXP_NAME packet containing only
   one name and a dummy attributes value.  The name in the returned
   packet contains the target of the link.  If an error occurs, the
   server may respond with SSH_FXP_STATUS.

    The SSH_FXP_SYMLINK request will create a symbolic link on the
   server.  It is of the following format

   	uint32     id
   	string     linkpath
   	string     targetpath

   where `id' is the request identifier, `linkpath' specifies the path
   name of the symlink to be created and `targetpath' specifies the
   target of the symlink.  The server shall respond with a
   SSH_FXP_STATUS indicating either success (SSH_FX_OK) or an error
   condition.

Comment 3 Alexander Larsson 2012-11-26 15:55:25 UTC

thanks, pushed to master.