bugzilla-daemon at natsu.mindrot.org
2013-Nov-30 17:09 UTC
[Bug 2175] New: possible use after free
https://bugzilla.mindrot.org/show_bug.cgi?id=2175
Bug ID: 2175
Summary: possible use after free
Product: Portable OpenSSH
Version: -current
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P5
Component: sshd
Assignee: unassigned-bugs at mindrot.org
Reporter: loganaden at gmail.com
Created attachment 2377
--> https://bugzilla.mindrot.org/attachment.cgi?id=2377&action=edit
use_after_free fix
blob() might be freed on subsequent loop iterations.
if ((nkeys = pkcs11_add_provider(name, pin, &keys)) > 0) {
buffer_put_char(&msg, SSH2_AGENT_IDENTITIES_ANSWER);
buffer_put_int(&msg, nkeys);
for (i = 0; i < nkeys; i++) {
key_to_blob(keys[i], &blob, &blen)
buffer_put_string(&msg, blob, blen);
buffer_put_cstring(&msg, name);
free(blob);
add_key(keys[i], name);
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at natsu.mindrot.org
2013-Dec-02 03:09 UTC
[Bug 2175] possible use after free
https://bugzilla.mindrot.org/show_bug.cgi?id=2175
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
CC| |djm at mindrot.org
Blocks| |2130
Resolution|--- |FIXED
--- Comment #1 from Damien Miller <djm at mindrot.org> ---
applied - thanks.
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
https://bugzilla.mindrot.org/show_bug.cgi?id=2175
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED
--- Comment #2 from Damien Miller <djm at mindrot.org> ---
Set all RESOLVED bugs to CLOSED with release of OpenSSH 7.1
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.