Mailing List Archive

This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit 26e0bcf766fadb4a44fb6199386fb1dcab65ad00
Author: djm@openbsd.org <djm@openbsd.org>
Date: Mon Mar 30 00:00:29 2015 +0000

upstream commit

fix uninitialised memory read when parsing a config file
consisting of a single nul byte. Found by hanno AT hboeck.de using AFL; ok
dtucker
---
readconf.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/readconf.c b/readconf.c
index 42a2961..9e15f27 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.232 2015/02/16 22:13:32 djm Exp $ */
+/* $OpenBSD: readconf.c,v 1.233 2015/03/30 00:00:29 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -763,7 +763,9 @@ process_config_line(Options *options, struct passwd *pw, const char *host,
}

/* Strip trailing whitespace */
- for (len = strlen(line) - 1; len > 0; len--) {
+ if ((len = strlen(line)) == 0)
+ return 0;
+ for (len--; len > 0; len--) {
if (strchr(WHITESPACE, line[len]) == NULL)
break;
line[len] = '\0';

--
To stop receiving notification emails like this one, please contact
djm@mindrot.org.
_______________________________________________
openssh-commits mailing list
openssh-commits@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-commits

This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit 3f4ea3c9ab1d32d43c9222c4351f58ca11144156
Author: djm@openbsd.org <djm@openbsd.org>
Date: Fri Apr 3 22:17:27 2015 +0000

upstream commit

correct return value in pubkey parsing, spotted by Ben Hawkes
ok markus@
---
sshkey.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/sshkey.c b/sshkey.c
index 4768790..3cc3f44 100644
--- a/sshkey.c
+++ b/sshkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey.c,v 1.15 2015/03/06 01:40:56 djm Exp $ */
+/* $OpenBSD: sshkey.c,v 1.16 2015/04/03 22:17:27 djm Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
* Copyright (c) 2008 Alexander von Gernler. All rights reserved.
@@ -2013,8 +2013,8 @@ sshkey_from_blob_internal(struct sshbuf *b, struct sshkey **keyp,
ret = SSH_ERR_ALLOC_FAIL;
goto out;
}
- if (sshbuf_get_bignum2(b, key->rsa->e) == -1 ||
- sshbuf_get_bignum2(b, key->rsa->n) == -1) {
+ if (sshbuf_get_bignum2(b, key->rsa->e) != 0 ||
+ sshbuf_get_bignum2(b, key->rsa->n) != 0) {
ret = SSH_ERR_INVALID_FORMAT;
goto out;
}
@@ -2035,10 +2035,10 @@ sshkey_from_blob_internal(struct sshbuf *b, struct sshkey **keyp,
ret = SSH_ERR_ALLOC_FAIL;
goto out;
}
- if (sshbuf_get_bignum2(b, key->dsa->p) == -1 ||
- sshbuf_get_bignum2(b, key->dsa->q) == -1 ||
- sshbuf_get_bignum2(b, key->dsa->g) == -1 ||
- sshbuf_get_bignum2(b, key->dsa->pub_key) == -1) {
+ if (sshbuf_get_bignum2(b, key->dsa->p) != 0 ||
+ sshbuf_get_bignum2(b, key->dsa->q) != 0 ||
+ sshbuf_get_bignum2(b, key->dsa->g) != 0 ||
+ sshbuf_get_bignum2(b, key->dsa->pub_key) != 0) {
ret = SSH_ERR_INVALID_FORMAT;
goto out;
}

--
To stop receiving notification emails like this one, please contact
djm@mindrot.org.
_______________________________________________
openssh-commits mailing list
openssh-commits@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-commits