Re: [PATCH 2/12] bug fix: openssh-4.3p2 NULL dereference
This is a discussion on Re: [PATCH 2/12] bug fix: openssh-4.3p2 NULL dereference within the OpenSSH Development forums, part of the Networking and Network Related category; IV is always valid in this case. however, we removed this code for the next release, since it's not ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
05-16-2006
|
|||
|
|||
Re: [PATCH 2/12] bug fix: openssh-4.3p2 NULL dereference
IV is always valid in this case.
however, we removed this code for the next release, since it's not used. On Mon, May 15, 2006 at 03:18:58PM -0500, Kylene Jo Hall wrote: > The variable IV does can be NULL when passed into the function. However, > IV is dereferenced in CMP, therefore, IV should be checked before > sending it to this macro. This patch adds what is common in other parts > of the code but is missing on this particular check. This entire set of > patches passed the regression tests on my system. Null dereference bug > found by Coverity. > > Signed-off-by: Kylene Hall <kjhall@us.ibm.com> > --- > deattack.c | 2 +- > 1 files changed, 1 insertion(+), 1 deletion(-) > > diff -uprN openssh-4.3p2/deattack.c openssh-4.3p2-kylie/deattack.c > --- openssh-4.3p2/deattack.c 2003-09-22 06:04:23.000000000 -0500 > +++ openssh-4.3p2-kylie/deattack.c 2006-05-04 15:10:19.000000000 -0500 > @@ -137,7 +137,7 @@ detect_attack(u_char *buf, u_int32_t len > for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED; > i = (i + 1) & (n - 1)) { > if (h[i] == HASH_IV) { > - if (!CMP(c, IV)) { > + if (IV && !CMP(c, IV)) { > if (check_crc(c, buf, len, IV)) > return (DEATTACK_DETECTED); > else > > > _______________________________________________ > openssh-unix-dev mailing list > openssh-unix-dev@mindrot.org > http://www.mindrot.org/mailman/listi...enssh-unix-dev _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@mindrot.org http://www.mindrot.org/mailman/listi...enssh-unix-dev 
|
Linear Mode
