thr3ads.net - openssh bugs - [Bug 1092] get_remote_hostname() potentially passing uninitialised buffer to debug [Sep 2005]

If this information is useful, please help other people find it:
Share via:

bugzilla-daemon at mindrot.org

2005-Sep-26 05:15 UTC

[Bug 1092] get_remote_hostname() potentially passing uninitialised buffer to debug

http://bugzilla.mindrot.org/show_bug.cgi?id=1092

           Summary: get_remote_hostname() potentially passing uninitialised
                    buffer to debug
           Product: Portable OpenSSH
           Version: 4.2p1
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: minor
          Priority: P2
         Component: ssh
        AssignedTo: bitbucket at mindrot.org
        ReportedBy: dleonard at vintela.com


get_remote_hostname() calls check_ip_options(..., ntop)
but, at that point, ntop is an uninitialised auto.
check_ip_options(, ipaddr) then calls logit("...%.100s..", ipaddr)
which will log some binary garbage.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

bugzilla-daemon at mindrot.org

2005-Sep-26 06:30 UTC

head link

[Bug 1092] get_remote_hostname() potentially passing uninitialised buffer to debug

http://bugzilla.mindrot.org/show_bug.cgi?id=1092





------- Additional Comments From dtucker at zip.com.au  2005-09-26 16:30 -------
Created an attachment (id=966)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=966&action=view)
relocate check_ip_options call.

The obvious fix would seem to be a relocation of the check_ip_options call.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

bugzilla-daemon at mindrot.org

2005-Oct-03 07:55 UTC

head link

[Bug 1092] get_remote_hostname() potentially passing uninitialised buffer to debug

http://bugzilla.mindrot.org/show_bug.cgi?id=1092


dtucker at zip.com.au changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED




------- Additional Comments From dtucker at zip.com.au  2005-10-03 17:55 -------
Patch applied, thanks for the report.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

bugzilla-daemon at mindrot.org

2005-Oct-03 07:56 UTC

head link

[Bug 1092] get_remote_hostname() potentially passing uninitialised buffer to debug

http://bugzilla.mindrot.org/show_bug.cgi?id=1092


dtucker at zip.com.au changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
OtherBugsDependingO|                            |1047
              nThis|                            |






------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

openssh bugs - Sep 2005 - [Bug 1092] get_remote_hostname() potentially passing uninitialised buffer to debug

[Bug 1092] get_remote_hostname() potentially passing uninitialised buffer to debug

[Bug 1092] get_remote_hostname() potentially passing uninitialised buffer to debug

[Bug 1092] get_remote_hostname() potentially passing uninitialised buffer to debug

[Bug 1092] get_remote_hostname() potentially passing uninitialised buffer to debug