1 |
Look at this: |
2 |
|
3 |
-----BEGIN PGP SIGNED MESSAGE----- |
4 |
Hash: SHA1 |
5 |
|
6 |
you can see the 2 bugs in this code?, seems to of me that theo could |
7 |
not. i am of understanding that there are exploits working on this in |
8 |
the wild. 3 remote holes in default install now ! |
9 |
hahaha |
10 |
|
11 |
void * |
12 |
buffer_append_space(Buffer *buffer, u_int len) |
13 |
{ |
14 |
void *p; |
15 |
|
16 |
if (len > 0x100000) |
17 |
fatal("buffer_append_space: len %u not supported", len); |
18 |
|
19 |
/* If the buffer is empty, start using it from the beginning. |
20 |
*/ |
21 |
if (buffer->offset == buffer->end) { |
22 |
buffer->offset = 0; |
23 |
buffer->end = 0; |
24 |
} |
25 |
restart: |
26 |
/* If there is enough space to store all data, store it now. |
27 |
*/ |
28 |
if (buffer->end + len < buffer->alloc) { |
29 |
p = buffer->buf + buffer->end; |
30 |
buffer->end += len; |
31 |
return p; |
32 |
} |
33 |
/* |
34 |
* If the buffer is quite empty, but all data is at the end, |
35 |
move the |
36 |
* data to the beginning and retry. |
37 |
*/ |
38 |
if (buffer->offset > buffer->alloc / 2) { |
39 |
memmove(buffer->buf, buffer->buf + buffer->offset, |
40 |
buffer->end - buffer->offset); |
41 |
buffer->end -= buffer->offset; |
42 |
buffer->offset = 0; |
43 |
goto restart; |
44 |
} |
45 |
/* Increase the size of the buffer and retry. */ |
46 |
buffer->alloc += len + 32768; |
47 |
if (buffer->alloc > 0xa00000) |
48 |
fatal("buffer_append_space: alloc %u not supported", |
49 |
buffer->alloc); |
50 |
buffer->buf = xrealloc(buffer->buf, buffer->alloc); |
51 |
goto restart; |
52 |
/* NOTREACHED */ |
53 |
} |
54 |
-----BEGIN PGP SIGNATURE----- |
55 |
Note: This signature can be verified at https://www.hushtools.com/verify |
56 |
Version: Hush 2.3 |
57 |
|
58 |
wkYEARECAAYFAj9mSqAACgkQO4YmZKj9rSu4mQCeMS8jvadKaKO01kAwl3Ykwirr9ZEA |
59 |
oLOwzsupmVKP+z1R/5OSlu8NHngf |
60 |
=c0bi |
61 |
-----END PGP SIGNATURE----- |
62 |
|
63 |
and |
64 |
|
65 |
http://www.freebsd.org/cgi/cvsweb.cgi/src/crypto/openssh/buffer.c.diff?r1=1.1.1.6&r2=1.1.1.7&f=h |
66 |
and |
67 |
|
68 |
ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ |
69 |
|
70 |
File:openssh-3.7p1-vs-openbsd.diff.gz 360 KB 16.09.2003 05:00:00 |
71 |
File:openssh-3.7p1.tar.gz 773 KB 16.09.2003 05:00:00 |
72 |
File:openssh-3.7p1.tar.gz.sig 1 KB 16.09.2003 05:00:00 |
73 |
|
74 |
Someone do anything ? Like a new ebuild |
75 |
|
76 |
-- |
77 |
Time : 19:20:17-16:09:2003 |
78 |
NP : 18 Linkin Park - Kyur4 The Ich-chairman Hahn |
79 |
SysStat : 19:20:17 up 14 days, 11:01, 2 users, load average: 0.44, 0.37, |
80 |
0.39 |
81 |
|
82 |
|
83 |
-- |
84 |
gentoo-dev@g.o mailing list |