Displaying 6 results from an estimated 6 matches for "hash_unused".

2004 Dec 19
2
[Bug 775] patches for Cray systems
http://bugzilla.mindrot.org/show_bug.cgi?id=775
djm at mindrot.org changed:
What       |Removed   |Added
Status     |ASSIGNED  |RESOLVED
Resolution |          |WORKSFORME
------- Additional Comments From djm at mindrot.org 2004-12-20 10:59
2006 May 15
1
[PATCH 2/12] bug fix: openssh-4.3p2 NULL dereference
...prN openssh-4.3p2/deattack.c openssh-4.3p2-kylie/deattack.c --- openssh-4.3p2/deattack.c 2003-09-22 06:04:23.000000000 -0500 +++ openssh-4.3p2-kylie/deattack.c 2006-05-04 15:10:19.000000000 -0500 @@ -137,7 +137,7 @@ detect_attack(u_char *buf, u_int32_t len for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED; i = (i + 1) & (n - 1)) { if (h[i] == HASH_IV) { - if (!CMP(c, IV)) { + if (IV && !CMP(c, IV)) { if (check_crc(c, buf, len, IV)) return (DEATTACK_DETECTED); else
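Review bot: the added `IV &&` test under `if (h[i] == HASH_IV)` keeps a NULL IV out of CMP, but when IV is NULL the branch is now skipped without a `break` or return, so the loop simply moves on to the next slot. The visible lines do not show how a slot can hold HASH_IV while IV is NULL; a comment at the guard saying whether that state is reachable and why continuing the probe is the intended behaviour would make the fix reviewable. The check_crc(c, buf, len, IV) call is only reached under the guard, so it is covered by the same test.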
2001 Feb 08
0
BindView advisory: sshd remote root (bug in deattack.c)
...65536 for large input buffers, is assigned to a 16-bit local variable, effectively causing it to be set to 0. Due to specific malloc(0) behavior, memory allocation routine will be passed, creating buffer of size (malloc_usable_size) 12. Next: for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED; We can see n-1 here, and n is equal to 0. Because i is an unsigned 32-bit integer, it would cause integer overflow. This code will be equal to i = HASH(c) & 0xffffffff. Binary AND operator reduces this to i = HASH(c). Pointer 'c' is referencing client-provided cryptographic packet, a...
2002 Sep 23
19
Call for testing for 3.5 OpenSSH
OpenBSD tree is heading into a lock and this includes OpenSSH. So we are winding up for a 3.5 release. If we can get people to test the current snapshots and report any problems, that would improve the odds that your platform won't be broken for 3.5. Issues I know of right now: 1. I can't test NeXT. So I TRULY need someone in that community to test for me. Last I heard there was
2001 Jul 22
2
Patches for Cray T3Es running Unicossmk and SV1s running Unicos
This patch is against Cray patch against openssh-SNAP-20010710. Here are a few notes about them: 1) rijndael does not work on Cray due to the fact it is rooted in 32 bits. I am looking for a fix; it may come from Wendy Palam. For now the Cray defaults to the following ciphers for ssh version 2: 3des-cbc,blowfish-cbc,cast128-cbc,arcfour 2) Crays don't have setitimer so I
2001 Feb 08
0
[CORE SDI ADVISORY] SSH1 CRC-32 compensation attack detector vulnerability
...ary memory locations in the program (ssh server or client) address space, thus allowing an attacker to execute arbitrary code on the vulnerable machine, see lines marked with (*): for (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) { (*) for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED; i = (i + 1) & (n - 1)) { if (h[i] == HASH_IV) { if (!CMP(c, IV)) { if (check_crc(c, buf, len, IV)) return (DEATTACK_DETECTED); else break; } } else if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE))...