[openssh-commits] [openssh] branch master updated (2e811007 -> b58e4299)

git+noreply at mindrot.org git+noreply at mindrot.org
Tue Mar 18 15:56:47 AEDT 2025 

This is an automated email from the git hooks/post-receive script.

djm pushed a change to branch master
in repository openssh.

    from 2e811007 Fix debug log path.
     new 0ce5281f upstream: Fix EVP_CIPHER_CTX_ctrl() return checks
     new b58e4299 upstream: fix NULL dereference for Match conditions missing

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Detailed log of new commits:

commit b58e429960c4791fc4e30bb7c70d1f77d538b546
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Tue Mar 18 04:53:14 2025 +0000

    upstream: fix NULL dereference for Match conditions missing
    
    arguments, e.g. "Match user". Spotted by Coverity (CID 477813)
    
    OpenBSD-Commit-ID: 13584281cfa23b8ebc41f9d128a6b9464ae960d4

commit 0ce5281f017c3ad7bdcc2bbd9745119a73e0cbb8
Author: tb at openbsd.org <tb at openbsd.org>
Date:   Fri Mar 14 09:49:49 2025 +0000

    upstream: Fix EVP_CIPHER_CTX_ctrl() return checks
    
    While this API tries to translate negative return values (i.e. -1) to 0
    in BoringSSL and LibreSSL, it is still possible for it to return negative
    values in prinicple. We even incorrectly document that -1 can be returned
    while Boring and OpenSSL plead the Fifth.
    
    In OpenSSL 3 there are now code paths that explicitly return -1 and they
    started shifting their return checks to <= 0 - of course they do this in
    inconsistent and sometimes incorrect manner. While these paths aren't
    reachable from ssh right now, who can really tell what happens in the two
    hundred lines of inscrutable bloated mess this has become.
    
    So error check with <= 0 to ensure that we don't accidentally translate an
    error to success.
    
    ok markus schwarze
    
    OpenBSD-Commit-ID: a855c833cf4ecfce43bedc761f26ad924f70483c

Summary of changes:
 cipher.c   | 28 ++++++++++++++--------------
 readconf.c |  9 ++++++---
 2 files changed, 20 insertions(+), 17 deletions(-)

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.

More information about the openssh-commits mailing list