Calysto v1.5 reports on ssh v4.6p1
Darren Tucker
dtucker at zip.com.au
Sun Aug 12 11:19:56 EST 2007
Domagoj Babic wrote:
> New version of Calysto reports a warning that looks like a bug to me:
>
> ------------------------------------------
> Possible NULL-ptr deref (vc27053):
> @/work/projects/llvm/tools/Calysto/IfaceSpecs/clib.c:1823
> Bug: ??
> Explanation:
>
> choose_dh (dh.c:111) calls fopen twice (@120). If the first call to
> fopen fails (returns NULL), but the second one succeeds, fgets (@129) is
> called with f==NULL.

I don't follow. If the second call to fopen succeeds, f is a valid FILE
pointer returned by the second fopen call, not NULL. If both fail, the
function logs a warning, returns DH group 14 and never reaches the fgets.

120         if ((f = fopen(_PATH_DH_MODULI, "r")) == NULL &&
121             (f = fopen(_PATH_DH_PRIMES, "r")) == NULL) {
122                 logit("WARNING: %s does not exist, using fixed modulus",
123                     _PATH_DH_MODULI);
124                 return (dh_new_group14());
125         }
126
127         linenum = 0;
128         best = bestcount = 0;
129         while (fgets(line, sizeof(line), f)) {

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
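
Added example, not part of the original message and not OpenSSH code: it runs the condition from dh.c lines 120-125 over all four combinations of the two fopen calls succeeding or failing, to show which value f holds when control reaches the fgets loop. fake_fopen, choose_path and the two path macros are hypothetical stand-ins for fopen, choose_dh and _PATH_DH_MODULI / _PATH_DH_PRIMES.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for _PATH_DH_MODULI and _PATH_DH_PRIMES. */
#define PATH_MODULI "moduli"
#define PATH_PRIMES "primes"

/* Hypothetical fopen() replacement: bit 0 of `present` means the moduli
 * file opens, bit 1 means the primes file opens. */
static int present;
static int open_calls;

static FILE *fake_fopen(const char *path)
{
    int bit = strcmp(path, PATH_MODULI) == 0 ? 1 : 2;
    open_calls++;
    return (present & bit) ? stdin : NULL; /* any non-NULL FILE * will do */
}

/* Same condition shape as dh.c lines 120-125. Returns 1 when the fixed
 * group branch is taken, 0 when control would reach the fgets loop.
 * *fp receives f as it stands at that point, *calls the fopen count. */
static int choose_path(int which_present, FILE **fp, int *calls)
{
    FILE *f;

    present = which_present;
    open_calls = 0;
    if ((f = fake_fopen(PATH_MODULI)) == NULL &&
        (f = fake_fopen(PATH_PRIMES)) == NULL) {
        *fp = NULL;
        *calls = open_calls;
        return 1; /* dh_new_group14() path: fgets is never reached */
    }
    *fp = f;
    *calls = open_calls;
    return 0; /* fgets(line, sizeof(line), f) would run here */
}

int main(void)
{
    for (int p = 0; p < 4; p++) {
        FILE *f; int calls;
        int fixed = choose_path(p, &f, &calls);
        printf("moduli=%d primes=%d -> %s, f %s NULL, fopen calls=%d\n",
            p & 1, (p >> 1) & 1, fixed ? "fixed group" : "read loop",
            f ? "!=" : "==", calls);
    }
    return 0;
}
```

Because && short-circuits, the second open is attempted only after the first returns NULL, and its result overwrites f before the comparison.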