bugzilla-daemon at mindrot.org
2013-May-09 08:45 UTC
[Bug 2100] New: Missing dereference when bzeroing unused identities
https://bugzilla.mindrot.org/show_bug.cgi?id=2100 Bug ID: 2100 Summary: Missing dereference when bzeroing unused identities Classification: Unclassified Product: Portable OpenSSH Version: 6.2p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org Reporter: cjwatson at debian.org Created attachment 2256 --> https://bugzilla.mindrot.org/attachment.cgi?id=2256&action=edit Fix size passed to bzero GCC 4.8 warns (for Debian package, so line numbers may be off from mainline, sorry): ../sshconnect2.c: In function 'pubkey_prepare': ../sshconnect2.c:1527:20: warning: argument to 'sizeof' in 'bzero' call is the same expression as the destination; did you mean to dereference it? [-Wsizeof-pointer-memaccess] bzero(id, sizeof(id)); It's correct; this code only zeroes the first sizeof(pointer) bytes of the Identity structure, rather than the whole thing. Patch attached. -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2013-May-10 03:40 UTC
[Bug 2100] Missing dereference when bzeroing unused identities
https://bugzilla.mindrot.org/show_bug.cgi?id=2100 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |djm at mindrot.org Status|NEW |RESOLVED Resolution|--- |FIXED --- Comment #1 from Damien Miller <djm at mindrot.org> --- applied - will be in 6.3. Thanks -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2013-May-10 04:08 UTC
[Bug 2100] Missing dereference when bzeroing unused identities
https://bugzilla.mindrot.org/show_bug.cgi?id=2100 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |2076 -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2016-Aug-02 00:41 UTC
[Bug 2100] Missing dereference when bzeroing unused identities
https://bugzilla.mindrot.org/show_bug.cgi?id=2100 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED --- Comment #2 from Damien Miller <djm at mindrot.org> --- Close all resolved bugs after 7.3p1 release -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
Apparently Analagous Threads
- vanilla build of 7.7p1 release on linux/4.17 fails with gcc8 @ "/usr/bin/ld: unrecognized option '-Wl,-z,retpolineplt'"
- Deprecated calls to bzero() and index() found in OpenSSH 6.1p1
- [Bug 2095] New: ssh client not respecting IdentitiesOnly=yes option
- "no such identity"
- [Bug 2642] New: [sshconnect2] publickey authentication only properly works if used first: pubkey_prepare doesn't work after pubkey_cleanup