Displaying 2 results from an estimated 2 matches for "hasnohigh".
2004 Feb 21
0
overflow in buffer_put_bignum2
Hi
When buffer_put_bignum2 is called with a zero bignum, it touches unallocated
memory:
BN_num_bytes returns 0, one byte is allocated and
hasnohigh = (buf[1] & 0x80) ? 0 : 1;
touches array out of bounds.
Mikulas
2003 Oct 08
4
OS/390 openssh
...it();
authctxt->postponed = 1;
diff -bur openssh-3.7.1p2.orig/bufaux.c openssh-3.7.1p2/bufaux.c
--- openssh-3.7.1p2.orig/bufaux.c Wed May 14 05:40:07 2003
+++ openssh-3.7.1p2/bufaux.c Tue Oct 7 08:22:00 2003
@@ -126,7 +126,7 @@
carry = !++uc[i];
}
}
- buffer_put_string(buffer, buf+hasnohigh, bytes-hasnohigh);
+ buffer_put_binary(buffer, buf+hasnohigh, bytes-hasnohigh);
memset(buf, 0, bytes);
xfree(buf);
}
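Review bot: buffer_put_binary, introduced on the changed line in place of buffer_put_string, is neither declared nor defined in the visible part of this patch, and nothing in the hunk says how its behaviour differs. Please add a comment at the call site or on its prototype stating why buf+hasnohigh must bypass the string path, and keep the length argument bytes-hasnohigh documented as the count of raw bytes so the put and get sides stay symmetric.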
@@ -136,7 +136,7 @@
buffer_get_bignum2(Buffer *buffer, BIGNUM *value)
{
u_int len;
- u_char *bin = buffer_get_string(buffer, &len);
+ u_char *bin = buffer_get_binary(buf...