[Bug 1903] bindresvport_sa() does not validate non-zero struct sockaddr * port is within intended range

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Tue May 10 13:53:15 EST 2011


https://bugzilla.mindrot.org/show_bug.cgi?id=1903

--- Comment #1 from Glenn <gs-bugzilla.mindrot.org at gluelogic.com> 2011-05-10 13:53:15 EST ---
openssh appears unaffected since the only use is in sshconnect.c, which
calls rresvport_af() with a parameter that results in bindresvport_sa()
being called with port set to 0 in struct sockaddr *.  port == 0 is
handled properly, as expected, in bindresvport_sa().

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list