tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

- djm@cvs.openbsd.org 2014/02/27 08:25:09 

[bufbn.c]
     off by one in range check
This commit is contained in:
Damien Miller 2014-02-28 10:00:57 +11:00
parent f9a9aaba43
commit 172ec7e0af
2 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
ChangeLog
View File

@ -4,6 +4,9 @@
[bufbn.c] [bufbn.c]
fix unsigned overflow that could lead to reading a short ssh protocol fix unsigned overflow that could lead to reading a short ssh protocol
1 bignum value; found by Ben Hawkes; ok deraadt@ 1 bignum value; found by Ben Hawkes; ok deraadt@
- djm@cvs.openbsd.org 2014/02/27 08:25:09
[bufbn.c]
off by one in range check
20140227 20140227
- OpenBSD CVS Sync - OpenBSD CVS Sync

4
bufbn.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: bufbn.c,v 1.10 2014/02/27 00:41:49 djm Exp $*/ /* $OpenBSD: bufbn.c,v 1.11 2014/02/27 08:25:09 djm Exp $*/
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -108,7 +108,7 @@ buffer_get_bignum_ret(Buffer *buffer, BIGNUM *value)
return (-1); return (-1);
} }
bits = get_u16(buf); bits = get_u16(buf);
if (bits > 65536-7) { if (bits > 65535-7) {
error("buffer_get_bignum_ret: cannot handle BN of size %d", error("buffer_get_bignum_ret: cannot handle BN of size %d",
bits); bits);
return (-1); return (-1);