search for: buffer_uncompress

I just upgraded to OpenSSH3.2.3p1 as it seemed that UsePrivilegeSeparation yes might help with my problem (connections forwarded are owned by root instead of the user I logged in as on the server), but instead, sshd barfs on receiving a connection. Without UsePrivilegeSeparation the server works fine. # strace -o /tmp/sshd.str sshd -d debug1: sshd version OpenSSH_3.2.3p1 debug1: private host

...OpenSSH 3.4p1 - same behaviour, except now there is a limit to the memory sshd tries to alloc, and it just dies with "fatal: buffer_append_space: alloc 10506240 not supported" anytime privsep is on and compression is on. After some digging, we were able to trace the problem to "buffer_uncompress" in compress.c - it seems that in some circumstances the inflate call returns Z_OK and incoming_stream.avail_out == 0, thus the program alloc's another sizeof(buf)-0 = 4096 bytes for the output_buffer, then repeats the call to inflate, which again returns status==0 and avail_out==0, thus e...

...+ pad_len + payload) */ len = buffer_len(&outgoing_packet); @@ -749,6 +761,7 @@ packet_disconnect("Corrupted check bytes on input."); buffer_consume_end(&incoming_packet, 4); +#ifdef WITH_COMPRESSION if (packet_compression) { buffer_clear(&compression_buffer); buffer_uncompress(&incoming_packet, &compression_buffer); @@ -756,6 +769,7 @@ buffer_append(&incoming_packet, buffer_ptr(&compression_buffer), buffer_len(&compression_buffer)); } +#endif type = buffer_get_char(&incoming_packet); *payload_len_ptr = buffer_len(&incoming_pack...