search for: wp02855

...7.x Product: Portable OpenSSH Version: 7.1p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: Miscellaneous Assignee: unassigned-bugs at mindrot.org Reporter: wp02855 at gmail.com Created attachment 2785 --> https://bugzilla.mindrot.org/attachment.cgi?id=2785&action=edit patch file for this bug report Hello All, The code below implements the C function 'strndup()' in xmalloc.h and xmalloc.c (for future use, if needed): --- xmalloc.h....

...c/auth2-hostbased.c Product: Portable OpenSSH Version: 7.1p1 Hardware: All OS: All Status: NEW Severity: normal Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org Reporter: wp02855 at gmail.com Created attachment 2787 --> https://bugzilla.mindrot.org/attachment.cgi?id=2787&action=edit Patch file for this bug report Hello All, In reviewing code in OpenSSH-7.1p2, there are some instances where free() is called in file 'auth1.c', in which the contents...

...auth-pam.c Product: Portable OpenSSH Version: 7.1p1 Hardware: All OS: All Status: NEW Severity: major Priority: P5 Component: PAM support Assignee: unassigned-bugs at mindrot.org Reporter: wp02855 at gmail.com Created attachment 2784 --> https://bugzilla.mindrot.org/attachment.cgi?id=2784&action=edit Patch file for this bug report Hello All, In reviewing code in OpenSSH-7.1p2, it would appear in file 'auth-pam.c', function 'sshpam_tty_conv()', there is a c...

...ue[1-36] is:BCDEFGHIJKLMNPOQRSTUVWXYZ0123456789 As you can see, data beyond ue[0] is still accessible, should the code not be changed to use memset() to scrub any sensitive information still stored in various arrays in IA_BACKDOOR (and perhaps other areas of code in bsd-cray.c, etc)? Bill Parker (wp02855 at gmail dot com)

...--with-pam --with-md5-passwords --with-kerberos5=/usr/kerberos --with-tcp-wrappers and 'make' result in clean configure and make. I am attaching all of the patch files (in diff -u format) to this email/bug report. Please feel free to make any needed changes, etc as needed. Bill Parker (wp02855 at gmail dot com)

I have renamed all of the patch files to .txt, which should be acceptable for the mailer daemon at mindrot, per Angel's suggestion. I am attaching the patch files to the email, with the extra space removed and a minor correction made. Bill Parker (wp02855 at gmail dot com) -------------- next part -------------- --- port-linux.c.orig 2012-12-19 17:40:53.231529475 -0800 +++ port-linux.c 2012-12-19 17:41:27.573571514 -0800 @@ -191,7 +191,7 @@ logit("%s: getcon failed with %s", __func__, strerror(errno)); return; } - if ((cx = index(o...