bugzilla-daemon at mindrot.org
2003-Mar-25 00:36 UTC
[Bug 519] parsing bug in host.allow element of login.conf(5)
http://bugzilla.mindrot.org/show_bug.cgi?id=519 Summary: parsing bug in host.allow element of login.conf(5) Product: Portable OpenSSH Version: 3.5p1 Platform: All URL: http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ssh/ auth.c#rev1.18 OS/Version: NetBSD Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org ReportedBy: lukem at netbsd.org There's a bug in the parser code for the "host.allow" element of login.conf(5). If you have more than one hostname in a comma separated argument to "host.allow=", and there's not a positive or negative match on the first element, sshd will infinitely loop because there's a missing strtok() to advance to the next field. The URL quoted above contains the cvs commit message I made to NetBSD-current to fix the problem there. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.