cvs commit: src/crypto/openssh buffer.c

Matthew Dillon dillon at crater.dragonflybsd.org
Tue Sep 16 10:00:39 PDT 2003


dillon      2003/09/16 09:59:41 PDT

  Modified files:
    crypto/openssh       buffer.c 
  Log:
  Additional comments: ssh may attempt to zero and free the buffer from
  fatal().  The incorrect buffer size at the time fatal() is called will
  cause it to zero an area larger then has actually been allocated.  Since
  meta-data is not inline with the allocation on FreeBSD (and hence DragonFly)
  systems it is believed that the worst that can happen is a crash.  On linux
  systems, however, it may be possible to exploit the flaw to gain elevated
  privs.
  
  Revision  Changes    Path
  1.3       +0 -0      src/crypto/openssh/buffer.c






More information about the Commits mailing list