CVE-2002-0083 - whats the problem? beginners question

Wed Dec 31 05:13:00 EST 2014

Hi,

I'm not a programmer nor able to fully understand the code of openssh in detail - hence my question here.

Out of curiosity I was looking at the patch for CVE-2002-0083 and tried to understand what the actual problem is, but failed:

--- channels_old.c    Mon Mar  4 02:07:06 2002
+++ channels.c    Mon Mar  4 02:07:16 2002
@@ -151,7 +151,7 @@
 channel_lookup(int id)
 {
     Channel *c;
-    if (id < 0 || id > channels_alloc) {
+    if (id < 0 || id >= channels_alloc) {
         log("channel_lookup: %d: bad id", id);
         return NULL;
     }


What does that mean? 
If id is less than 0 (are we talking about the unix uid?)
or id greater than channels_alloc - log & return null)

Is this check for detecting users (not root) trying to do something nasty? 

Thank you.

Stefan

