[Bug 1913] New: wrong type for version in sftp-server.c
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Thu Jun 9 18:02:42 EST 2011
https://bugzilla.mindrot.org/show_bug.cgi?id=1913
Summary: wrong type for version in sftp-server.c
Product: Portable OpenSSH
Version: 5.8p2
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: sftp
AssignedTo: unassigned-bugs at mindrot.org
ReportedBy: mb at smartftp.com
The type of version is defined as (line 71, file: sftp-server.c):
int version;
but it should be defined as
u_int32_t version;
Why is this important?
A client is submitting a value >= 2^31 in the client version (which is
okay according to the RFC). The code however interprets such a value as
a signed int and versions checks as the following will fail as a
result:
line 417
if (version >= 3) {
buffer_put_cstring(&msg, status_to_message(status));
buffer_put_cstring(&msg, "");
}
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list