bugzilla-daemon at bugzilla.mindrot.org
2011-Jun-09 08:02 UTC
[Bug 1913] New: wrong type for version in sftp-server.c
https://bugzilla.mindrot.org/show_bug.cgi?id=1913
Summary: wrong type for version in sftp-server.c
Product: Portable OpenSSH
Version: 5.8p2
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: sftp
AssignedTo: unassigned-bugs at mindrot.org
ReportedBy: mb at smartftp.com
The type of version is defined as (line 71, file: sftp-server.c):

    int version;

but it should be defined as

    u_int32_t version;

Why is this important?
A client is submitting a value >= 2^31 in the client version (which is
okay according to the RFC). The code, however, interprets such a value as
a signed int, and version checks such as the following will fail as a
result:

line 417

    if (version >= 3) {
        buffer_put_cstring(&msg, status_to_message(status));
        buffer_put_cstring(&msg, "");
    }
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
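
The signed/unsigned mismatch reported above, as an added example that is not part of the original report or of OpenSSH's source. The helper names and sample byte strings are constructed for illustration, uint32_t stands in for u_int32_t, and the cast of a value >= 2^31 to int is implementation-defined in C (gcc and clang wrap it to a negative number).

```c
#include <stdint.h>
#include <stdio.h>

/* Decode a big-endian 32-bit field, as the SSH wire format encodes uint32. */
static uint32_t get_u32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Hypothetical helper: the reported declaration, "int version". */
static int check_signed(const unsigned char *field)
{
    /* Implementation-defined for values >= 2^31; gcc and clang wrap negative. */
    int version = (int)get_u32(field);
    return version >= 3;
}

/* Hypothetical helper: the proposed declaration (uint32_t for u_int32_t). */
static int check_unsigned(const unsigned char *field)
{
    uint32_t version = get_u32(field);
    return version >= 3;
}

/* Constructed sample version fields, not captured traffic. */
static const unsigned char V3[4]     = { 0x00, 0x00, 0x00, 0x03 };
static const unsigned char V_2_31[4] = { 0x80, 0x00, 0x00, 0x00 };
static const unsigned char V_MAX[4]  = { 0xff, 0xff, 0xff, 0xff };

int main(void)
{
    const unsigned char *samples[] = { V3, V_2_31, V_MAX };
    for (size_t i = 0; i < 3; i++) {
        printf("version=%lu signed_check=%d unsigned_check=%d\n",
               (unsigned long)get_u32(samples[i]),
               check_signed(samples[i]), check_unsigned(samples[i]));
    }
    return 0;
}
```

With the signed declaration, the `version >= 3` branch is skipped for the two large values, so the status message strings guarded by that check would not be written.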
bugzilla-daemon at bugzilla.mindrot.org
2011-Jun-09 08:03 UTC
[Bug 1913] wrong type for version in sftp-server.c
https://bugzilla.mindrot.org/show_bug.cgi?id=1913
Mat <mb at smartftp.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Component|sftp |sftp-server
bugzilla-daemon at bugzilla.mindrot.org
2011-Jun-17 23:45 UTC
[Bug 1913] wrong type for version in sftp-server.c
https://bugzilla.mindrot.org/show_bug.cgi?id=1913
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |djm at mindrot.org
Blocks| |1845
Status|NEW |RESOLVED
Resolution| |FIXED
--- Comment #1 from Damien Miller <djm at mindrot.org> 2011-06-18 09:45:52 EST ---
Fixed - thanks. This will be in OpenSSH-5.9
bugzilla-daemon at bugzilla.mindrot.org
2011-Sep-06 05:33 UTC
[Bug 1913] wrong type for version in sftp-server.c
https://bugzilla.mindrot.org/show_bug.cgi?id=1913
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED
--- Comment #2 from Damien Miller <djm at mindrot.org> 2011-09-06 15:33:07 EST ---
close resolved bugs now that openssh-5.9 has been released