[Bug 1486] New: Improperly used buffer during KEX
https://bugzilla.mindrot.org/show_bug.cgi?id=1486

Summary: Improperly used buffer during KEX
Classification: Unclassified
Product: Portable OpenSSH
Version: 5.0p1
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: Miscellaneous
AssignedTo: unassigned-bugs@mindrot.org
ReportedBy: godji@300penguins.org


In kex.c:kex_input_kexinit, when a packet with the other side's KEX
proposal is received, it is appended into a buffer that has not been
cleared first. This could lead to problems - in particular, if that
buffer already contains an old peer proposal, the new one will be
appended but the old one will be silently used instead.

The code is currently:

ptr = packet_get_raw(&dlen);
buffer_append(&kex->peer, ptr, dlen);

but should be:

ptr = packet_get_raw(&dlen);
buffer_clear(&kex->peer);
buffer_append(&kex->peer, ptr, dlen);

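The append-without-clear behaviour described in the report, reproduced as an added example that is not part of the original message and is not OpenSSH code. The struct buf type, the helper names and the one-byte-length record format are hypothetical stand-ins constructed for illustration, and the model assumes a consumer that parses the stored proposal from the start of the buffer.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in growable buffer (hypothetical; not OpenSSH's buffer API). */
struct buf { unsigned char data[256]; size_t len; };
static void buf_clear(struct buf *b) { b->len = 0; }
static int buf_append(struct buf *b, const void *p, size_t n) {
    if (n > sizeof(b->data) - b->len) return -1;   /* no room left */
    memcpy(b->data + b->len, p, n);
    b->len += n;
    return 0;
}

/* Constructed record format: 1 length byte, then a name. Like a consumer
 * that parses from offset 0, this reads only the first record. */
static int first_proposal(const struct buf *b, char *out, size_t outsz) {
    if (b->len < 1) return -1;
    size_t n = b->data[0];
    if (n > b->len - 1 || n >= outsz) return -1;
    memcpy(out, b->data + 1, n);
    out[n] = '\0';
    return 0;
}

/* Store one received proposal; clear_first selects the proposed fix. */
static int store_peer(struct buf *peer, const char *name, int clear_first) {
    unsigned char rec[64];
    size_t n = strlen(name);
    if (n > sizeof(rec) - 1) return -1;
    rec[0] = (unsigned char)n;
    memcpy(rec + 1, name, n);
    if (clear_first) buf_clear(peer);
    return buf_append(peer, rec, n + 1);
}

/* Receive two proposals in a row; report which one the parser would use. */
static int proposal_in_effect(int clear_first, char *out, size_t outsz) {
    struct buf peer = { {0}, 0 };
    if (store_peer(&peer, "old-kex-alg", clear_first) != 0) return -1;
    if (store_peer(&peer, "new-kex-alg", clear_first) != 0) return -1;
    return first_proposal(&peer, out, outsz);
}

int main(void) {
    char used[64];
    if (proposal_in_effect(0, used, sizeof used) == 0) printf("append only: %s\n", used);
    if (proposal_in_effect(1, used, sizeof used) == 0) printf("clear first: %s\n", used);
    return 0;
}
```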