Displaying 2 results from an estimated 2 matches for "42a2961".
2015 Mar 29
2
Invalid memory access / read stack overflow when reading config with zero bytes
...CFCA: __GI_strchr (in
> /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
> ==5578== by 0x117B6B: process_config_line (readconf.c:785)
> ==5578== by 0x119DED: read_config_file (readconf.c:1633)
reproduced; the line numbers were wrong.
diff --git a/readconf.c b/readconf.c
index 42a2961..5130407 100644
--- a/readconf.c
+++ b/readconf.c
@@ -763,7 +763,9 @@ process_config_line(Options *options, struct passwd *pw, const char *host,
}
/* Strip trailing whitespace */
- for (len = strlen(line) - 1; len > 0; len--) {
+ if ((len = strlen(line)) == 0)
+ return 0;
+ for (len--; le...
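Review bot: the added early exit "if ((len = strlen(line)) == 0) return 0;" sits under the existing "Strip trailing whitespace" comment and returns without any diagnostic, so nothing in the code says why a zero-length line can reach this point or why skipping it quietly is intended. A one-line comment above the check would help, noting that a line whose first byte is NUL has length 0 and that the old "strlen(line) - 1" start value was computed from that zero length. It is also worth deciding whether such a line should be logged rather than skipped silently. The rest of the rewritten loop is cut off in this excerpt, so this covers only the visible lines.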
2015 Mar 29
4
Invalid memory access / read stack overflow when reading config with zero bytes
On Mon, 30 Mar 2015 09:19:02 +1100 (AEDT)
Damien Miller <djm at mindrot.org> wrote:
> What version of OpenSSH is this?
6.8 portable on Linux.
> Also, when reporting fuzzer-derived problems it really helps to
> include the test-case.
The "test case" is a one byte file containing a zero byte. But here it
is :-)
--
Hanno Böck
http://hboeck.de/
mail/jabber: hanno at