cvs commit: src/crypto/openssh buffer.c
Matthew Dillon
dillon at crater.dragonflybsd.org
Tue Sep 16 10:00:39 PDT 2003

dillon      2003/09/16 09:59:41 PDT
  Modified files:
    crypto/openssh       buffer.c 
  Log:
  Additional comments: ssh may attempt to zero and free the buffer from
  fatal().  The incorrect buffer size at the time fatal() is called will
  cause it to zero an area larger than has actually been allocated.  Since
  meta-data is not inline with the allocation on FreeBSD (and hence DragonFly)
  systems, it is believed that the worst that can happen is a crash.  On Linux
  systems, however, it may be possible to exploit the flaw to gain elevated
  privs.
  
  Revision  Changes    Path
  1.3       +0 -0      src/crypto/openssh/buffer.c