bugzilla-daemon at mindrot.org
2004-Jul-19 18:21 UTC
[Bug 896] Inproper Input buffer handleing
http://bugzilla.mindrot.org/show_bug.cgi?id=896
Summary: Inproper Input buffer handleing
Product: Portable OpenSSH
Version: -current
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: Miscellaneous
AssignedTo: openssh-bugs at mindrot.org
ReportedBy: stevensm at gmail.com
There are a set of circumstances that can cause sshd to incorrectly fatal()
1) Client advertises a large window > 0x10000 increment of 0xa0000 total
2) Server is sending more than above listed data to client
3) Client does not consume data as fast as server buffers it into
channel->input
4) Server's channel->input buffer grows above limits specified in
buffer.c
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2004-Jul-19 18:23 UTC
[Bug 896] Inproper Input buffer handleing
http://bugzilla.mindrot.org/show_bug.cgi?id=896 ------- Additional Comments From stevensm at gmail.com 2004-07-20 04:23 ------- Created an attachment (id=685) --> (http://bugzilla.mindrot.org/attachment.cgi?id=685&action=view) Proposed patch to fix this problem by limiting input buffer to 0x10000 ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.