bugzilla-daemon at natsu.mindrot.org
2013-Nov-12 04:08 UTC
[Bug 2170] New: Potential integer overflow
https://bugzilla.mindrot.org/show_bug.cgi?id=2170 Bug ID: 2170 Summary: Potential integer overflow Product: Portable OpenSSH Version: -current Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee: unassigned-bugs at mindrot.org Reporter: loganaden at gmail.com Created attachment 2373 --> https://bugzilla.mindrot.org/attachment.cgi?id=2373&action=edit potential_overflow_fix in serverloop.c: max_time_milliseconds = options.client_alive_interval * 1000; client_alive_interval is declare as int. int client_alive_interval; /* * poke the client this often to * see if it's still there max_time_milliseconds is declared as u_int64_t. Can this potentially result in an overflow due to multiplication ? -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at natsu.mindrot.org
2013-Nov-12 19:57 UTC
[Bug 2170] Potential integer overflow
https://bugzilla.mindrot.org/show_bug.cgi?id=2170 Darren Tucker <dtucker at zip.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |dtucker at zip.com.au Blocks| |2130 --- Comment #1 from Darren Tucker <dtucker at zip.com.au> --- looks reasonable, add to the list for 6.5 -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at natsu.mindrot.org
2013-Nov-12 19:57 UTC
[Bug 2170] Potential integer overflow
https://bugzilla.mindrot.org/show_bug.cgi?id=2170 Darren Tucker <dtucker at zip.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #2373| |ok+ Flags| | -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at natsu.mindrot.org
2013-Dec-01 20:18 UTC
[Bug 2170] Potential integer overflow
https://bugzilla.mindrot.org/show_bug.cgi?id=2170 --- Comment #2 from Loganaden Velvindron <loganaden at gmail.com> --- Created attachment 2379 --> https://bugzilla.mindrot.org/attachment.cgi?id=2379&action=edit improve diff (switch 1000 to ULL) switch 1000 from integer to unsigned long long. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2013-Dec-08 13:18 UTC
[Bug 2170] Potential integer overflow
https://bugzilla.mindrot.org/show_bug.cgi?id=2170 --- Comment #3 from Loganaden Velvindron <loganaden at gmail.com> --- ping :-) ? Any feedback on the 1 line diff :-) ? -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2013-Dec-19 00:19 UTC
[Bug 2170] Potential integer overflow
https://bugzilla.mindrot.org/show_bug.cgi?id=2170 Darren Tucker <dtucker at zip.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |FIXED --- Comment #4 from Darren Tucker <dtucker at zip.com.au> --- Damien and I ended up having a bikeshed discussion on this :-) I think casting the second argument is unnecessary since it'll get promoted to unsigned long long anyway. First patch applied, it'll be in the next release. Thanks. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2013-Dec-19 04:26 UTC
[Bug 2170] Potential integer overflow
https://bugzilla.mindrot.org/show_bug.cgi?id=2170 --- Comment #5 from Loganaden Velvindron <loganaden at gmail.com> --- (In reply to Darren Tucker from comment #4)> Damien and I ended up having a bikeshed discussion on this :-) > > I think casting the second argument is unnecessary since it'll get > promoted to unsigned long long anyway. > > First patch applied, it'll be in the next release. > > Thanks.Thank you very much ! -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2016-Aug-02 00:42 UTC
[Bug 2170] Potential integer overflow
https://bugzilla.mindrot.org/show_bug.cgi?id=2170 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED --- Comment #6 from Damien Miller <djm at mindrot.org> --- Close all resolved bugs after 7.3p1 release -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.