similar to: [Bug 3731] New: Integer overflow when adding 6000 and display_number

https://bugzilla.mindrot.org/show_bug.cgi?id=3730 Bug ID: 3730 Summary: Integer overflow when adding 6000 and display_number Product: Portable OpenSSH Version: 9.8p1 Hardware: Other OS: All Status: NEW Severity: minor Priority: P5 Component: Build system Assignee:

https://bugzilla.mindrot.org/show_bug.cgi?id=3732 Bug ID: 3732 Summary: An integer underflow may occur due to arithmetic operation (unsigned subtraction) between values '0' and '67108864', where the first value comes from the expression 'h4 + b' and the second value comes from

https://bugzilla.mindrot.org/show_bug.cgi?id=3734 Bug ID: 3734 Summary: Expression 'l > SIZE_MAX' is always false Product: Portable OpenSSH Version: 9.8p1 Hardware: Other OS: All Status: NEW Severity: enhancement Priority: P5 Component: Build system Assignee:

https://bugzilla.mindrot.org/show_bug.cgi?id=3735 Bug ID: 3735 Summary: The ngroups variable may be set to a negative value when calling sysconf(_SC_NGROUPS_MAX) Product: Portable OpenSSH Version: 9.8p1 Hardware: Other OS: All Status: NEW Severity: normal Priority: P5

I did an audit for potential integer overflows of values which get passed to access_ok() and here are the results. Signed-off-by: Dan Carpenter <error27 at gmail.com> diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c index dd3d6f7..c2aa12c 100644 --- a/drivers/vhost/vhost.c +++ b/drivers/vhost/vhost.c @@ -429,6 +429,14 @@ static int vq_access_ok(unsigned int num, struct

I did an audit for potential integer overflows of values which get passed to access_ok() and here are the results. Signed-off-by: Dan Carpenter <error27 at gmail.com> diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c index dd3d6f7..c2aa12c 100644 --- a/drivers/vhost/vhost.c +++ b/drivers/vhost/vhost.c @@ -429,6 +429,14 @@ static int vq_access_ok(unsigned int num, struct

Hello, I manage OpenSSH on a dozen or so servers that act as gateways for a large amount of developers and system administrators. On these servers it is common for there to be more than 1000 active X11 forwards active at peak usage. Beyond ~1000 active X11 forwards, sshd will fail to bind additional ports due to a hard coded range check in channels.c that limits the port range that sshd will

hi, this can be applied to the latest portable CVS. by default bind sshd fake display to localhost. [stevesk at jenny stevesk]$ uname -sr HP-UX B.11.11 [stevesk at jenny stevesk]$ echo $DISPLAY localhost:14.0 [stevesk at jenny stevesk]$ netstat -an|grep 6014 tcp 0 0 127.0.0.1.6014 *.* LISTEN this is currently controlled with sshd_config gatewayports;

Hi, This also has been discussed in SSHSCI's SSH context. All SSH versions (both SSHSCI and OpenSSH) derive value for DISPLAY variable from `uname -n`. The problem is that the returned value is not necessarily resolvable to a valid IP number which in turn might cause a failure. To make it fool-proof I suggest to set DISPLAY to the interface's address the user has reached the system in

Hi all, Here's a small mechanism I have built to run games in a dedicated display. The main reasons for doing that were: - to avoid desktop stuff to pop over my games display - to run games in a display matching the game resolution - to avoid manually switching my main resolution back and forth - to avoid problems where quitting a games leaves my desktop in the wrong resolution The idea is

Hi thanks for the answers I'm using the following Patch now (Works for AIX 4.3.3, I'll check other AIX Versions, Solaris and Linux later) configure --with-cppflags=-DLOCALHOST_IN_DISPLAY activates the change *** channels.c Wed Jun 13 21:18:05 2001 --- ../openssh-2.9p2.aix/channels.c Wed Aug 8 14:55:24 2001 *************** *** 2268,2276 **** --- 2268,2282 ----

The following codes have an implicit conversion from size_t to u32: (u32)max_size = (size_t)virtio_max_dma_size(vdev); This may lead overflow, Ex (size_t)4G -> (u32)0. Once virtio_max_dma_size() has a larger size than U32_MAX, use U32_MAX instead. Signed-off-by: zhenwei pi <pizhenwei at bytedance.com> --- drivers/block/virtio_blk.c | 4 +++- 1 file changed, 3 insertions(+), 1

Hi! Dovecot 2.2.24 Had set up solr and new schema collection. Copied dovecot provided schema. There was an error with booleans (while getting schema via http), which I "solved" by removing "add-unknown-fields-to-the-schema" from solrconfig.xml. It is correct way to solve this? Anyway, I run tcpdump to see network activity between dovecot and solr: #tcpdump -i lo port 8983

Hi, here's a patch so that ssh also supports hurd-i386. Thanks for incorporating. The patch comes from Robert Bihlmeyer <robbe at orcus.priv.at>. > openssh 2.2.0p1-1.1 does not build on the Hurd. The appended patch > fixes that. Changes in detail: > * PAM is not (yet?) supported, so the PAM dependencies are only put into > the control file on architectures != hurd-i386.

This change allows use of untrusted X11 forwarding (which is more secure) without requiring users to choose a finite timeout after which to refuse new connections. This matches the semantics of the X11 security extension itself, which also treat a validity timeout of 0 on an authentication cookie as indefinite. Signed-off-by: Trixie Able <table at inventati.org> --- clientloop.c | 12

The patch below implements a couple of features which are useful in an environment where users do not have a regular shell login. It allows you to selectively disable certain features on a system-wide level for users with a certain shell; it also allows you to control and audit TCP forwarding in more detail. Our system is an email server with a menu for the login shell; we selectively allow port

Hello, I was trying to compile Flac on MinGW/Msys but got an error stating SIZE_T_MAX is undefined. To fix this error I edited the file "flac-1.2.1/include/share/alloc.h" and made the following change: Starting at line #36 I changed: #ifndef SIZE_MAX # ifndef SIZE_T_MAX # ifdef _MSC_VER # define SIZE_T_MAX UINT_MAX # else # error # endif # endif # define SIZE_MAX SIZE_T_MAX

https://bugzilla.mindrot.org/show_bug.cgi?id=2264 Bug ID: 2264 Summary: RekeyLimit option does not allow '4G' value when UINT_MAX is 0xffffffff Product: Portable OpenSSH Version: 6.6p1 Hardware: Other OS: Linux Status: NEW Severity: normal Priority: P5

Hi, I ran into this issue recently and wanted to know if it was a bug or expected behavior. In the R600 backend's TargetTransformInfo implementation, we were setting UnrollingPreferences::Count = UINT_MAX. This was a mistake as we should have been setting UnrollingPreferences::MaxCount instead. However, as a result of setting Count to UINT_MAX, this loop would be unrolled 15 times: if (b

This code in vhost_scsi_make_tpg() is confusing because we limit "tpgt" to UINT_MAX but the data type of "tpg->tport_tpgt" and that is a u16. I looked at the context and it turns out that in vhost_scsi_set_endpoint(), "tpg->tport_tpgt" is used as an offset into the vs_tpg[] array which has VHOST_SCSI_MAX_TARGET (256) elements so anything higher than 255 then it