cvs commit: src/crypto/openssh buffer.c

[rivo nurges]

On Tue, Sep 16, 2003 at 09:28:15AM -0700, Matthew Dillon wrote:
>     Beat me to it.  I'm still trying to figure out what the 
>     security hole is, though.  Can another thread access the
>     buffer while it is being expanded?  I have no idea.

I'm not specialist but for me it seems that buffer->alloc get's 
new value before xrealloc() and if (buffer->alloc > 0xa00000) is 
between them not before buffer->alloc += len + 32768;

-- 
rix
http://www.ripe.net/perl/whois?rix@xxxxxxxxx