@JacobBarthelmeh

ZD20992

Copilot AI left a comment

Pull request overview

This PR improves the wolfSSH_CleanPath function by adding a buffer size parameter to prevent buffer overflow issues when processing file paths in SCP operations. The changes enhance security by validating that cleaned paths will fit in destination buffers before copying.

Key Changes:

  • Added inSz parameter to wolfSSH_CleanPath to specify buffer size
  • Updated buffer overflow check to verify cleaned paths fit before copying
  • Updated all call sites to pass appropriate buffer sizes

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.

| File | Description |
| --- | --- |
| wolfssh/internal.h | Updated function signature to include buffer size parameter |
| src/internal.c | Implemented buffer size validation, improved buffer allocation (+2 bytes for delimiter and null terminator), enhanced error message, removed redundant code |
| src/wolfscp.c | Updated all call sites to pass appropriate buffer sizes (DEFAULT_SCP_MSG_SZ, DEFAULT_SCP_FILE_NAME_SZ, WOLFSSH_MAX_FILENAME, ssh->scpBasePathSz) |

@ejohnstown ejohnstown merged commit ea563b5 into wolfSSL:master Jan 8, 2026
99 checks passed
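
The pattern the review overview describes, a path cleaner that is told the destination capacity and refuses a result that would not fit, shown as an added example. This is not wolfSSH code and not taken from the pull request: `clean_path_bounded`, its signature, and the sample path are hypothetical, and the cleaning rules (collapse `//`, drop `.`, resolve `..`) are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not wolfSSH's wolfSSH_CleanPath): normalize `in` into
 * `out`, which holds outSz bytes. Returns the cleaned length, or -1 when the
 * path being built, plus its NUL, would not fit. The check is conservative:
 * it also rejects a path whose intermediate form overruns the buffer. */
int clean_path_bounded(const char *in, char *out, size_t outSz)
{
    size_t len = 0, root;
    if (in == NULL || out == NULL || outSz < 2)
        return -1;
    root = (in[0] == '/') ? 1 : 0;         /* keep the leading delimiter */
    if (root) out[len++] = '/';
    while (*in != '\0') {
        const char *seg;
        size_t segSz, sep;
        while (*in == '/') in++;           /* collapse repeated delimiters */
        seg = in;
        while (*in != '\0' && *in != '/') in++;
        segSz = (size_t)(in - seg);
        if (segSz == 0 || (segSz == 1 && seg[0] == '.'))
            continue;                      /* nothing to add for "" or "." */
        if (segSz == 2 && seg[0] == '.' && seg[1] == '.') {
            /* drop the previous segment and its delimiter */
            while (len > root && out[len - 1] != '/') len--;
            if (len > root) len--;
            continue;                      /* never climbs above the start */
        }
        sep = (len > 0 && out[len - 1] != '/') ? 1 : 0;
        if (segSz + sep >= outSz - len) {  /* no room for segment + NUL */
            out[0] = '\0';
            return -1;
        }
        if (sep) out[len++] = '/';
        memcpy(out + len, seg, segSz);
        len += segSz;
    }
    out[len] = '\0';
    return (int)len;
}

int main(void)
{
    char dst[8];   /* constructed input: cleaned form "/a/c" fits in 8 bytes */
    printf("%d %s\n", clean_path_bounded("/a/./b//../c", dst, sizeof dst), dst);
    return 0;
}
```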