[openssh-commits] [openssh] 05/05: upstream: Add explicit check for array overflow.
git+noreply at mindrot.org
git+noreply at mindrot.org
Tue Sep 30 08:26:27 AEST 2025
This is an automated email from the git hooks/post-receive script.
dtucker pushed a commit to branch master
in repository openssh.
commit 893a579e4b37e6bd89d206dc8e7ac2a906ccf114
Author: dtucker at openbsd.org <dtucker at openbsd.org>
AuthorDate: Mon Sep 29 21:37:52 2025 +0000
upstream: Add explicit check for array overflow.
The array is bounded by a NULL sentinel which already prevents this,
however since we check the bit vector for overflow Coverity assumes that
check is for the devices array and flags it as a potential overflow.
Adding this additional check on the array placates CID 896018. ok djm@
deraadt@
OpenBSD-Commit-ID: e92fff41341b38e4206a70655cc9acaaa032ebee
---
auth2-chall.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/auth2-chall.c b/auth2-chall.c
index 5af8b0945..bc2482a03 100644
--- a/auth2-chall.c
+++ b/auth2-chall.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-chall.c,v 1.55 2025/09/29 02:32:15 djm Exp $ */
+/* $OpenBSD: auth2-chall.c,v 1.56 2025/09/29 21:37:52 dtucker Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
* Copyright (c) 2001 Per Allansson. All rights reserved.
@@ -165,7 +165,8 @@ kbdint_next_device(Authctxt *authctxt, KbdintAuthctxt *kbdintctxt)
if (len == 0)
break;
for (i = 0; devices[i]; i++) {
- if (i >= sizeof(kbdintctxt->devices_done) * 8)
+ if (i >= sizeof(kbdintctxt->devices_done) * 8 ||
+ i >= sizeof(devices) / sizeof(devices[0]) - 1)
fatal_f("internal error: too may devices");
if ((kbdintctxt->devices_done & (1 << i)) != 0 ||
!auth2_method_allowed(authctxt,
--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
More information about the openssh-commits
mailing list