[PATCH 2/12] bug fix: openssh-4.3p2 NULL dereference
Kylene Jo Hall
kjhall at us.ibm.com
Tue May 16 06:18:58 EST 2006
The variable IV can be NULL when passed into the function. However,
IV is dereferenced in CMP, therefore, IV should be checked before
sending it to this macro. This patch adds what is common in other parts
of the code but is missing on this particular check. This entire set of
patches passed the regression tests on my system. Null dereference bug
found by Coverity.
Signed-off-by: Kylene Hall <kjhall at us.ibm.com>
---
deattack.c | 2 +-
1 files changed, 1 insertion(+), 1 deletion(-)
diff -uprN openssh-4.3p2/deattack.c openssh-4.3p2-kylie/deattack.c
--- openssh-4.3p2/deattack.c 2003-09-22 06:04:23.000000000 -0500
+++ openssh-4.3p2-kylie/deattack.c 2006-05-04 15:10:19.000000000 -0500
@@ -137,7 +137,7 @@ detect_attack(u_char *buf, u_int32_t len
for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED;
i = (i + 1) & (n - 1)) {
if (h[i] == HASH_IV) {
- if (!CMP(c, IV)) {
+ if (IV && !CMP(c, IV)) {
if (check_crc(c, buf, len, IV))
return (DEATTACK_DETECTED);
else
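Review bot: The new `IV &&` guard on the `if (IV && !CMP(c, IV))` line avoids the dereference, but nothing in the hunk says what a NULL IV means once `h[i] == HASH_IV` has already matched. With IV NULL the whole block is now skipped silently, so `check_crc(c, buf, len, IV)` is never reached for that slot and DEATTACK_DETECTED cannot be returned from this branch. If a HASH_IV entry can only exist when IV is non-NULL, a short comment stating that invariant would make clear the guard is purely defensive; if such an entry can exist with a NULL IV, the commit message should explain why skipping the comparison is the right outcome for an attack detector.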