Displaying 3 results from an estimated 3 matches for "valid_request".
2002 Jun 26
0
[Bug 304] New: ssh-keysign memory freeing bug
...is run on it, which results
in a bogus signature, at least under Linux. (Solaris and IRIX don't seem to
mind.)
--- ssh-keysign.c~ Wed Jun 26 17:01:42 2002
+++ ssh-keysign.c Wed Jun 26 17:01:49 2002
@@ -192,7 +192,6 @@
data = buffer_get_string(&b, &dlen);
if (valid_request(pw, host, &key, data, dlen) < 0)
fatal("not a valid request");
- xfree(data);
xfree(host);
found = 0;
@@ -208,6 +207,7 @@
if (key_sign(keys[i], &signature, &slen, data, dlen) != 0)
fatal("key_sign failed&q...
2003 Mar 31
1
[Bug 526] potential ssh-keysign segfault if pktype == KEY_UNSPEC
...;/usr/lib/sftp-server\"
-D_PATH_SSH_KEY_SIGN=\"/usr/lib/ssh-keysign\" -D_PATH_SSH_PIDDIR=\"/var/run\"
-D_PATH_PRIVSEP_CHROOT_DIR=\"/var/run/sshd\"
-DSSH_RAND_HELPER=\"/usr/lib/ssh-rand-helper\" -DHAVE_CONFIG_H -c ssh-keysign.c
ssh-keysign.c: In function `valid_request':
ssh-keysign.c:58: warning: `key' might be used uninitialized in this function
Looking at the code, indeed, key is only initialized if pktype != KEY_UNSPEC,
but if pktype == KEY_UNSPEC then fail will be non-zero and key_free() in the
following code may fire depending on what happens to be...
2003 Oct 08
4
OS/390 openssh
...p;b, &blen);
pktype = key_type_from_name(pkalg);
if (pktype == KEY_UNSPEC)
@@ -210,7 +210,7 @@
if ((host = get_local_name(fd)) == NULL)
fatal("cannot get sockname for fd");
- data = buffer_get_string(&b, &dlen);
+ data = buffer_get_binary(&b, &dlen);
if (valid_request(pw, host, &key, data, dlen) < 0)
fatal("not a valid request");
xfree(host);
@@ -232,7 +232,7 @@
/* send reply */
buffer_clear(&b);
- buffer_put_string(&b, signature, slen);
+ buffer_put_binary(&b, signature, slen);
ssh_msg_send(STDOUT_FILENO, version, &...