search for: hash_entrysize

...ch for ssh-1.2.31--------------------------- --- deattack.c.orig Wed Feb 7 13:53:47 2001 +++ deattack.c Wed Feb 7 13:54:24 2001 @@ -79,7 +79,7 @@ detect_attack(unsigned char *buf, word32 len, unsigned char *IV) { static word16 *h = (word16 *) NULL; - static word16 n = HASH_MINSIZE / HASH_ENTRYSIZE; + static word32 n = HASH_MINSIZE / HASH_ENTRYSIZE; register word32 i, j; word32 l; register unsigned char *c; 8<---------------------patch for ssh-1.2.31--------------------------- Bjoern Groenvall's ossh (ftp://ftp.pdc.kth.se/pub/krypto/ossh/): 8<-----------------...

...h Compile the ssh package. --- ssh-1.2.31/deattack.c-old Wed Feb 7 19:45:16 2001 +++ ssh-1.2.31/deattack.c Wed Feb 7 19:54:11 2001 @@ -79,7 +79,7 @@ detect_attack(unsigned char *buf, word32 len, unsigned char *IV) { static word16 *h = (word16 *) NULL; - static word16 n = HASH_MINSIZE / HASH_ENTRYSIZE; + static word32 n = HASH_MINSIZE / HASH_ENTRYSIZE; register word32 i, j; word32 l; register unsigned char *c; --------------------- end deattack patch ------------------- Vendors notified on: 2001-02-07 This advisory has been released early due to the disclosure of infor...

This is the 1st revision of the Advisory. This document can be found at: http://www.openssh.com/txt/buffer.adv 1. Versions affected: All versions of OpenSSH's sshd prior to 3.7 contain a buffer management error. It is uncertain whether this error is potentially exploitable, however, we prefer to see bugs fixed proactively. 2. Solution: Upgrade to OpenSSH

http://bugzilla.mindrot.org/show_bug.cgi?id=775 djm at mindrot.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED Resolution| |WORKSFORME ------- Additional Comments From djm at mindrot.org 2004-12-20 10:59

...f (!CMP(c, d)) { - if ((check_crc(c, buf, len, IV))) + if ((check_crc(c, buf, len, IV))) { + if (h) + xfree(h); return (DEATTACK_DETECTED); - else + } else break; } } } + if (h) + xfree(h); return (DEATTACK_OK); } memset(h, HASH_UNUSEDCHAR, n * HASH_ENTRYSIZE); @@ -138,19 +144,25 @@ i = (i + 1) & (n - 1)) { if (h[i] == HASH_IV) { if (!CMP(c, IV)) { - if (check_crc(c, buf, len, IV)) + if (check_crc(c, buf, len, IV)) { + if (h) + xfree(h); return (DEATTACK_DETECTED); - else + } else break; } }...

OpenBSD tree is heading into a lock and this includes OpenSSH. So we are winding up for a 3.5 release. If we can get people to test the current snapshots and report any problems that would improve the odds that your platform won't be broke for 3.5. Issues I know off of right now. 1. I can't test NeXT. So I TRULY need someone in that community to test for me. Last I heard there was

This patch is against Cray patch against openssh-SNAP-20010710. Here a few notes about them: 1) rijndael does not work on cray due to the fact it is rooted in 32 bits. I looking for a fix, it may come form Wendy Palam. For now the cray default to the following cihpers for ssh version 2 ssh are: 3des-cbc,blowfish-cbc,cast128-cbc,arcfour 2) Crays don't have setitimer so I

...c b/deattack.c index e76481a..e5193db 100644 --- a/deattack.c +++ b/deattack.c @@ -97,7 +97,7 @@ check_crc(const u_char *S, const u_char *buf, u_int32_t len) void deattack_init(struct deattack_ctx *dctx) { - bzero(dctx, sizeof(*dctx)); + memset(dctx, sizeof(*dctx)); dctx->n = HASH_MINSIZE / HASH_ENTRYSIZE; } diff --git a/loginrec.c b/loginrec.c index 788553e..332da3e 100644 --- a/loginrec.c +++ b/loginrec.c @@ -1032,7 +1032,7 @@ utmpx_perform_login(struct logininfo *li) return (0); } # else - if (!utmpx_write_direct(li, &ut)) { + if (!utmpx_write_direct(li, &utx)) { logit("%...