Displaying 6 results from an estimated 6 matches for "hash_unused".
2004 Dec 19
2
[Bug 775] patches for Cray systems
http://bugzilla.mindrot.org/show_bug.cgi?id=775
djm at mindrot.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |RESOLVED
Resolution| |WORKSFORME
------- Additional Comments From djm at mindrot.org 2004-12-20 10:59
2006 May 15
1
[PATCH 2/12] bug fix: openssh-4.3p2 NULL dereference
...prN openssh-4.3p2/deattack.c openssh-4.3p2-kylie/deattack.c
--- openssh-4.3p2/deattack.c 2003-09-22 06:04:23.000000000 -0500
+++ openssh-4.3p2-kylie/deattack.c 2006-05-04 15:10:19.000000000 -0500
@@ -137,7 +137,7 @@ detect_attack(u_char *buf, u_int32_t len
for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED;
i = (i + 1) & (n - 1)) {
if (h[i] == HASH_IV) {
- if (!CMP(c, IV)) {
+ if (IV && !CMP(c, IV)) {
if (check_crc(c, buf, len, IV))
return (DEATTACK_DETECTED);
else
2001 Feb 08
0
BindView advisory: sshd remote root (bug in deattack.c)
...65536 for large input buffers, is assigned to a 16-bit
local variable, effectively causing it to be set to 0. Due to specific
malloc(0) behavior, memory allocation routine will be passed, creating
buffer of size (malloc_usable_size) 12. Next:
for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED;
We can see n-1 here, and n is equal to 0. Because i is an unsigned
32-bit integer, it would cause integer overflow. This code will be
equal to i = HASH(c) & 0xffffffff. Binary AND operator reduces this
to i = HASH(c). Pointer 'c' is referencing client-provided cryptographic
packet, a...
2002 Sep 23
19
Call for testing for 3.5 OpenSSH
OpenBSD tree is heading into a lock and this includes OpenSSH. So we are
winding up for a 3.5 release. If we can get people to test the current
snapshots and report any problems that would improve the odds that your
platform won't be broke for 3.5.
Issues I know off of right now.
1. I can't test NeXT. So I TRULY need someone in that community to test
for me. Last I heard there was
2001 Jul 22
2
Patches for Cray T3Es running Unicossmk and SV1s running Unicos
This patch is against Cray patch against openssh-SNAP-20010710. Here
a few notes about them:
1) rijndael does not work on cray due to the fact it is rooted in 32 bits.
I looking for a fix, it may come form Wendy Palam. For now the cray
default to the following cihpers for ssh version 2 ssh are:
3des-cbc,blowfish-cbc,cast128-cbc,arcfour
2) Crays don't have setitimer so I
2001 Feb 08
0
[CORE SDI ADVISORY] SSH1 CRC-32 compensation attack detector vulnerability
...ary memory locations in the program (ssh server or client) address
space, thus allowing an attacker to execute arbitrary code on the
vulnerable
machine, see lines marked with (*):
for (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++)
{
(*) for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED;
i = (i + 1) & (n - 1))
{
if (h[i] == HASH_IV)
{
if (!CMP(c, IV))
{
if (check_crc(c, buf, len, IV))
return (DEATTACK_DETECTED);
else
break;
}
} else if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE))...