[Bug 1390] New: RekeyLimit max value is too restrictive

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Sat Nov 10 04:14:04 EST 2007


https://bugzilla.mindrot.org/show_bug.cgi?id=1390

           Summary: RekeyLimit max value is too restrictive
    Classification: Unclassified
           Product: Portable OpenSSH
           Version: 4.7p1
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: ssh
        AssignedTo: bitbucket at mindrot.org
        ReportedBy: Jan.Pechanec at Sun.COM


Created an attachment (id=1380)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=1380)
patch against 4.7p1

RekeyLimit option allows to set the limit up to 2^31 bytes only since
it's a signed integer. However, the default value for rekeying limit is
2^32 since AES's block size is 16 bytes (limit set in packet.c).

2^(block_size * 2) = 2^32

since there is no support for ciphers with block sizes of 32 bytes it's
enough to use u_int32_t for rekey_limit + fix the casting and replace
INT_MAX with UINT_MAX.

patch attached.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list