search for: buffer_get_string_ret

server is running openssh 4.6p1 on linux x86 (32bit) client is running openssh 4.6p1 on linux x86_64 (64bit) Just connecting from the client to the server and running "top" long enough results in: Disconnecting: Bad packet length 3690378913. This seems like a 32/64 bit problem to me. -- Andreas Steinmetz SPAMmers use robotrap at domdv.de

...if statement path:/c/amesh/142/src/crypto/openssh/authfile.c:307: cond_false: Condition "nkeys != 1", taking false branch path:/c/amesh/142/src/crypto/openssh/authfile.c:310: if_end: End of if statement path:/c/amesh/142/src/crypto/openssh/authfile.c:312: cond_false: Condition "(cp = buffer_get_string_ret(&copy, &len)) == NULL", taking false branch path:/c/amesh/142/src/crypto/openssh/authfile.c:315: if_end: End of if statement path:/c/amesh/142/src/crypto/openssh/authfile.c:322: cond_false: Condition "len < blocksize", taking false branch path:/c/amesh/142/src/crypto/opens...

These patches implement a new mux client request to list the currently opened TCP forwardings. It also removes some todos regarding keeping the list of forwardings in the options up-to-date. Bert Wesarg (6): attach the forwarding type to struct Forward merge local and remote forward lists generate unique ids for forwardings to be used for identification remove closed forwardings from

...;Unsupported multiplexing protocol version %d " + "(expected %d)", ver, SSHMUX_VER); + return -1; + } + debug2("%s: channel %d slave version %u", __func__, c->self, ver); + + /* No extensions are presently defined */ + while (buffer_len(m) > 0) { + char *name = buffer_get_string_ret(m, NULL); + char *value = buffer_get_string_ret(m, NULL); + + if (name == NULL || value == NULL) { + if (name != NULL) + xfree(name); + goto malf; } - buffer_free(&m); - close(client_fd); - return start_close; - default: - error("Unsupported command %d", mux_command);...

...Version: 4.2p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: ssh AssignedTo: bitbucket at mindrot.org ReportedBy: kremenek at cs.stanford.edu Memory allocated by the call to buffer_get_string_ret may be lost on one of the two error paths. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

...part defect part enhancement. Defect Part =========== I have a public key generated via prompt> openssl x509 -in cavanaug.x509 -pubkey -noout > cavanaug_x509.pub that I would like to have ssh-keygen convert to an openssh public key format. prompt> ssh-keygen -i -f cavanaug_x509.pub buffer_get_string_ret: bad string length 813826338 key_from_blob: can't read key type decode blob failed. prompt> cat cavanaug_x509.pub -----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApy+8jp5YdUEqoNjmhg3X c+oMARMrXH5erMRh+C1DeAE/KxZd0ZXjhbDJ1NwvvIlmLJO6tmlqtbnNILgpJjna dPor6fcVsiLgHtwD5Cuy...

...39 00 00 00 16 00 00 00 0e 70 65 |2.0/29........pe| - so before the value of force-command, there is a single length offset 00 00 00 0b, and before the IP address - a single length offset: 00 00 00 0d ssh-keygen -L on such a Go-generated certificate gives the following error: Critical Options: buffer_get_string_ret: bad string length 796159344 buffer_get_string: buffer error The "bad string length" is easily explained - the decimal 796159344 is 0x2f746d70 which comes from the bytes 2f 74 6d 70 - "*/tmp*" in the "/tmp/foobar" string value of the force-command critical option. I...

We've run into an interesting dilemma regarding last log information and ssh 4.2p1. In 3.8, we didn't see this problem, but now has cropped up in 4.2. When a user logs in, sshd seems to call 'last' to get the last log information. 'last' then opens the /var/log/wtmp file and processes the information. On some systems, this file can be quite large, and we're seeing

...EMOTE host to port 2852. Actual results: local ssh: debug1: channel 3: new [127.0.0.1] debug1: confirm forwarded-tcpip debug3: channel 3: waiting for connection debug1: channel 3: connected ...debug2: channel 3: window 935334 sent adjust 1161818 debug2: channel 3: window 966656 sent adjust 1130496 buffer_get_string_ret: bad string length 557056 buffer_get_string: buffer error It seems to be a new regression in 4.7p1. See also https://bugzilla.redhat.com/show_bug.cgi?id=286181 and http://lists.mindrot.org/pipermail/openssh-unix-dev/2007-September/025661.html -- Configure bugmail: http://bugzilla.mindrot.org/u...