cvs commit: src/crypto/openssh buffer.c
rivo nurges
rix at estpak.ee
Tue Sep 16 09:40:49 PDT 2003
On Tue, Sep 16, 2003 at 09:28:15AM -0700, Matthew Dillon wrote:
> Beat me to it. I'm still trying to figure out what the
> security hole is, though. Can another thread access the
> buffer while it is being expanded? I have no idea.
I'm not a specialist but for me it seems that buffer->alloc gets
new value before xrealloc() and if (buffer->alloc > 0xa00000) is
between them not before buffer->alloc += len + 32768;
--
rix
http://www.ripe.net/perl/whois?rix@xxxxxxxxx
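
The ordering described in the message above, modelled as an added example (not the OpenSSH source and not part of the original post). The struct, the function names, the `real` field and the `-1` return standing in for the abort path are all assumptions made for illustration; only the `0xa00000` limit and the `32768` slack come from the message.

```c
#include <stdio.h>
#include <stdlib.h>

#define BUF_MAX   0xa00000u  /* limit quoted in the message */
#define BUF_SLACK 32768u     /* growth slack quoted in the message */

/* Hypothetical stand-in struct; 'real' records the true allocation size. */
struct buf { unsigned char *data; size_t alloc; size_t real; };

/* Ordering described in the message: update alloc, check, then realloc.
   Returning -1 stands in for the abort path. */
static int grow_before(struct buf *b, size_t len) {
    b->alloc += len + BUF_SLACK;
    if (b->alloc > BUF_MAX)
        return -1;  /* alloc already changed, data still the old size */
    unsigned char *p = realloc(b->data, b->alloc);
    if (p == NULL)
        return -1;
    b->data = p;
    b->real = b->alloc;
    return 0;
}

/* Check first, commit alloc only after realloc has succeeded. */
static int grow_after(struct buf *b, size_t len) {
    if (len > BUF_MAX)  /* also keeps the addition from wrapping */
        return -1;
    size_t newlen = b->alloc + len + BUF_SLACK;
    if (newlen > BUF_MAX)
        return -1;
    unsigned char *p = realloc(b->data, newlen);
    if (p == NULL)
        return -1;
    b->data = p;
    b->alloc = b->real = newlen;
    return 0;
}

/* Bytes by which alloc overstates the real allocation after a rejected request. */
static size_t drift(int (*grow)(struct buf *, size_t)) {
    struct buf b = { malloc(4096), 4096, 4096 };
    int rc = grow(&b, BUF_MAX);  /* constructed oversized request */
    size_t d = (rc == -1) ? b.alloc - b.real : (size_t)-1;
    free(b.data);
    return d;
}

int main(void) {
    printf("before: %zu\nafter: %zu\n", drift(grow_before), drift(grow_after));
    return 0;
}
```

A nonzero result means any later code that trusts `alloc` as the buffer size would be working with a length larger than the memory actually allocated.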