From 88b6fcdeb87a2fb76767854d9eb15006662dca57 Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org"
Date: Thu, 19 Nov 2015 08:23:27 +0000
Subject: [PATCH] upstream commit ban ConnectionAttempts=0, it makes no sense and would cause ssh_connect_direct() to print an uninitialised stack variable; bz#2500 reported by dvw AT phas.ubc.ca
Upstream-ID: 32b5134c608270583a90b93a07b3feb3cbd5f7d5
---
 ssh.c | 4 +++-
 sshconnect.c | 4 +++-
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/ssh.c b/ssh.c
index cceb36e83..38e2b6674 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.429 2015/10/25 23:42:00 dtucker Exp $ */
+/* $OpenBSD: ssh.c,v 1.430 2015/11/19 08:23:27 djm Exp $ */
 /*
 * Author: Tatu Ylonen
 * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
@@ -1096,6 +1096,8 @@ main(int ac, char **av)
 "disabling");
 options.update_hostkeys = 0;
 }
+ if (options.connection_attempts <= 0)
+ fatal("Invalid number of ConnectionAttempts");
 #ifndef HAVE_CYGWIN
 if (original_effective_uid != 0)
 options.use_privileged_port = 0;
diff --git a/sshconnect.c b/sshconnect.c
index 1507934d8..b2c878a50 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.267 2015/11/19 01:09:38 djm Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.268 2015/11/19 08:23:27 djm Exp $ */
 /*
 * Author: Tatu Ylonen
 * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
@@ -434,6 +434,8 @@ ssh_connect_direct(const char *host, struct addrinfo *aitop,
 struct addrinfo *ai;
 debug2("%s: needpriv %d", __func__, needpriv);
+ memset(ntop, 0, sizeof(ntop));
+ memset(strport, 0, sizeof(strport));
 for (attempt = 0; attempt < connection_attempts; attempt++) {
 if (attempt > 0) {
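Review bot: In ssh.c, the new `fatal()` in main() neither reports the rejected value nor says why a non-positive count is refused, so a user who hits it has to hunt for the offending config line or `-o` option. Consider `fatal("Invalid number of ConnectionAttempts: %d", options.connection_attempts);` (assuming the field is an int, as the `<= 0` comparison suggests) plus a one-line comment such as `/* ssh_connect_direct() needs at least one attempt before it can report an address */`. The check lives in main(), whose body continues outside the hunk, so any other path that reaches ssh_connect_direct() would rely on the sshconnect.c change alone.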
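Review bot: In sshconnect.c, the two `memset()` calls added before the attempt loop in ssh_connect_direct() carry no comment, so they read as redundant and are easy to remove in a later cleanup. A comment such as `/* keep ntop/strport valid empty strings if the loop body never runs */` would record why they exist. The function still has no guard of its own on `connection_attempts`, so with a non-positive count it presumably falls through to the failure message with an empty address and port; an explicit early rejection would make that case visible, though the return convention is outside the hunk. `sizeof(ntop)` and `sizeof(strport)` clear the whole buffer only if both are arrays, and their declarations are not visible here.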