[Bug 2207] Potential NULL deference, found using coverity

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Tue Mar 4 08:27:38 EST 2014


Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
                 CC|                            |djm at mindrot.org
           Severity|security                    |trivial

--- Comment #1 from Damien Miller <djm at mindrot.org> ---
We don't normally mark crashers as security bugs unless they take down
the master sshd process.

That being said, there is no NULL dereference here anyway. See the
"kdfname == NULL"

You are right about the logic error in testing the KDF name, but the
impact of this is failure to read keys that have a KDF that is other
than 'bcrypt' or 'none', which we would not be able to do anyway.

You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

More information about the openssh-bugs mailing list