openssh bugs - Feb 2007 - [Bug 1281] getrrsetbyname() does not check the presence of SIG records

http://bugzilla.mindrot.org/show_bug.cgi?id=1281

           Summary: getrrsetbyname() does not check the presence of SIG
                    records
           Product: Portable OpenSSH
           Version: 4.4p1
          Platform: Alpha
        OS/Version: other
            Status: NEW
          Severity: normal
          Priority: P2
         Component: ssh
        AssignedTo: bitbucket at mindrot.org
        ReportedBy: svallet at genoscope.cns.fr


In getrrsetbyname(), the value of rrset->rri_nsigs is not checked
before calling calloc() to initialize rrset->rri_sigs -- this is a
problem when rri_nsigs is 0, since calloc() returns a null pointer on
some OSes when asked to allocate 0 bytes.

Quoting POSIX regarding calloc():
"If the size of the space requested is 0, the behavior is
implementation-defined: the value returned shall be either a null
pointer or a unique pointer."

Tru64 5.1A, for example, does return NULL in this case -- see
http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=117098800530793

A minimal patch against 4.4p1 is attached




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=1281





------- Comment #1 from svallet at genoscope.cns.fr  2007-02-10 00:58 -------
Created an attachment (id=1236)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=1236&action=view)
Patch against 4.4p1

This patch checks that there are indeed SIG records before allocating
space for them -- see bug report for mor details




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=1281


dtucker at zip.com.au changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #1236|                            |ok+
               Flag|                            |




------- Comment #2 from dtucker at zip.com.au  2007-02-10 11:35 -------
(From update of attachment 1236)
Looks reasonable to me.




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=1281


dtucker at zip.com.au changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED
OtherBugsDependingO|                            |1274
              nThis|                            |






------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=1281


dtucker at zip.com.au changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|                            |FIXED




------- Comment #3 from dtucker at zip.com.au  2007-02-19 22:57 -------
Applied thanks, and nice work figuring it out.




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.