bug in sshd.c (destroy_sensitive_data core dumps)

Gert Doering gert at greenie.muc.de
Sat Dec 23 02:17:52 EST 2000


Hi,

On Fri, Dec 22, 2000 at 04:01:33PM +0100, Gert Doering wrote:
> Tracking this, I found that if a host key is specified in the sshd_config
> that does not exist (I used "./sshd -d -d -d -f sshd_config" with the 
> shipped sshd_config file, to work around incompatibilities with the 
> installed sshd.com's sshd_config, and I do not have ssh2 host keys on
> this machine), sshd will leave 
> 
>    sensitive_data.host_keys[<i>]
> 
> uninitialized - the memory area is malloc()ed, so never initialized, and
> later on destroy_sensitive_data reads a pointer from it and tries to
> overwrite *that* memory location.

... and right after sending out this mail, I found that in the current
CVS (as of today!), this bug has been fixed.  So please ignore my e-mail.

gert
-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert.doering at physik.tu-muenchen.de
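
The failure mode in the quoted report, as an added example that is not part of the original mail and is not OpenSSH's code or its CVS fix. Only `sensitive_data.host_keys` and `destroy_sensitive_data` are names from the mail. The `host_key` type, `load_key`, `load_host_keys` and the `present[]` flags are hypothetical. It shows a pointer table that stays safe to tear down when a configured key file is missing.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a loaded host key; not OpenSSH's key type. */
typedef struct { unsigned char secret[32]; } host_key;

struct {
    host_key **host_keys;      /* one slot per configured HostKey entry */
    size_t     num_host_keys;
} sensitive_data;

/* Constructed loader: returns NULL when the key file is "missing". */
static host_key *load_key(int exists) {
    host_key *k;
    if (!exists || (k = malloc(sizeof(*k))) == NULL)
        return NULL;
    memset(k->secret, 0xA5, sizeof(k->secret));   /* constructed key bytes */
    return k;
}

/* present[i] != 0 means the i-th configured key file exists (assumption).
 * The reported pattern is a malloc()ed table whose slot is written only on
 * a successful load, so a missing key leaves garbage behind. calloc() plus
 * an unconditional store leaves every slot either valid or NULL. */
int load_host_keys(const int *present, size_t n) {
    sensitive_data.host_keys = calloc(n, sizeof(host_key *));
    if (sensitive_data.host_keys == NULL)
        return -1;
    sensitive_data.num_host_keys = n;
    for (size_t i = 0; i < n; i++)
        sensitive_data.host_keys[i] = load_key(present[i]);
    return 0;
}

/* Wipes and frees each loaded key; returns how many keys were wiped. */
size_t destroy_sensitive_data(void) {
    size_t wiped = 0;
    for (size_t i = 0; i < sensitive_data.num_host_keys; i++) {
        host_key *k = sensitive_data.host_keys[i];
        if (k == NULL)             /* key file was missing: nothing to wipe */
            continue;
        memset(k, 0, sizeof(*k));
        free(k);
        sensitive_data.host_keys[i] = NULL;
        wiped++;
    }
    free(sensitive_data.host_keys);
    sensitive_data.host_keys = NULL;
    sensitive_data.num_host_keys = 0;
    return wiped;
}
```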





More information about the openssh-unix-dev mailing list