[Bug 2212] New: openssl version check should ignore status nibble
bugzilla-daemon at mindrot.org
Thu Mar 20 17:16:41 EST 2014
https://bugzilla.mindrot.org/show_bug.cgi?id=2212
Bug ID: 2212
Summary: openssl version check should ignore status nibble
Product: Portable OpenSSH
Version: 6.5p1
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: Miscellaneous
Assignee: unassigned-bugs at mindrot.org
Reporter: vapier at gentoo.org
the current version check in entropy.c looks like:
u_long version_mask = SSLeay() >= 0x1000000f ? ~0xffff0L : ~0xff0L;
if (((SSLeay() ^ OPENSSL_VERSION_NUMBER) & version_mask) ||
this causes it to pay attention to the last nibble in the version field
which makes no sense. the only thing that part does is track whether
the openssl in use is a dev, beta, or release. so if you install
1.0.2-beta1, then build openssh, then install 1.0.2 (the release), this
check rejects the openssl version.
this is documented in the openssl header:
/* Numeric release version identifier:
* MNNFFPPS: major minor fix patch status
* The status nibble has one of the values 0 for development, 1 to e for betas
* 1 to 14, and f for release. The patch level is exactly that.
* For example:
* 0.9.3-dev 0x00903000
* 0.9.3-beta1 0x00903001
...
simple patch to fix the openssh code:
- u_long version_mask = SSLeay() >= 0x1000000f ? ~0xffff0L :
~0xff0L;
+ u_long version_mask = SSLeay() >= 0x1000000f ? ~0xfffffL :
~0xff0L;
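Review bot: the new mask is applied only in the `>= 0x1000000f` arm of the ternary; the `~0xff0L` arm used for older libraries still leaves the status nibble (the S in MNNFFPPS) in the comparison, so the same dev/beta/release mismatch described in the report remains for those versions. If ignoring status is meant to hold everywhere, that arm would need `~0xfffL`; either way, a short comment naming which fields each mask ignores (fix, patch, status) would make the intent checkable against the header layout.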
--
You are receiving this mail because:
You are watching the assignee of the bug.
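The masked comparison from the report, as an added example (not OpenSSH code): it runs the current and the proposed mask over version numbers constructed from the MNNFFPPS layout. The names pick_mask, mask_mismatch, OLD_MASK and NEW_MASK are hypothetical, and only the first operand of the quoted if-condition is modelled.

```c
#include <stdio.h>

/* Masks from the report: OLD is the current entropy.c value, NEW the proposed one. */
#define OLD_MASK (~0xffff0UL)	/* ignores fix + patch, still compares status */
#define NEW_MASK (~0xfffffUL)	/* ignores fix + patch + status */

/* Same selection as the quoted line: the relaxed mask applies only when the
 * runtime library is at or above 1.0.0 release; older ones get ~0xff0. */
static unsigned long
pick_mask(unsigned long runtime, unsigned long relaxed_mask)
{
	return runtime >= 0x1000000fUL ? relaxed_mask : ~0xff0UL;
}

/* Nonzero when the masked XOR test flags runtime vs. build-time as different.
 * Models only the first operand of the quoted if-condition. */
static int
mask_mismatch(unsigned long runtime, unsigned long built,
    unsigned long relaxed_mask)
{
	return ((runtime ^ built) & pick_mask(runtime, relaxed_mask)) != 0;
}

int
main(void)
{
	/* Constructed sample values, encoded per the MNNFFPPS layout. */
	static const struct {
		const char *label;
		unsigned long built, runtime;
	} cases[] = {
		{ "built 1.0.2-beta1, run 1.0.2", 0x10002001UL, 0x1000200fUL },
		{ "built 1.0.1, run 1.0.2", 0x1000100fUL, 0x1000200fUL },
		{ "built 1.0.2, run 1.1.0", 0x1000200fUL, 0x1010000fUL },
		{ "built 0.9.8-beta1, run 0.9.8", 0x00908001UL, 0x0090800fUL },
	};
	size_t i;

	for (i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
		printf("%-30s old=%s new=%s\n", cases[i].label,
		    mask_mismatch(cases[i].runtime, cases[i].built, OLD_MASK) ?
		    "mismatch" : "match",
		    mask_mismatch(cases[i].runtime, cases[i].built, NEW_MASK) ?
		    "mismatch" : "match");
	return 0;
}
```

The last case stays a mismatch under both masks because a runtime below 0x1000000f takes the unchanged `~0xff0` arm.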