[PATCH] Fix buffer overrun

Salvador Fandino sfandino at gmail.com
Thu Jun 25 22:18:42 AEST 2015


On 06/25/2015 12:28 PM, Salvador Fandino wrote:
> When a forwarding specification ending in a slash ('\\') is used,
> the function "parse_fwd_field" jumps over the '\0' char marking
> the end of the string and keeps processing.
>
> This patch checks for that condition.

Wait, this is still broken!

For instance,

   ssh -R/tmp/foo\\1\\2:localhost:11111 localhost

... parses as /tmp/foo1\2

A new patch is coming soon.
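
The two failures described in this thread, as an added sketch that is not part of the original post and is not OpenSSH's code: a hypothetical `next_field` helper splits a colon-separated forwarding specification in place, stops at the terminating NUL when the input ends in a backslash, and consumes each escape exactly once. It assumes a backslash makes the following byte literal; the sample strings are constructed.

```c
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical helper (not OpenSSH's parse_fwd_field): split the next
 * ':'-terminated field off *p in place, unescaping "\x" to "x".
 * Returns the field, or NULL at end of input or when a backslash has
 * nothing after it (both stop the caller; they are not distinguished).
 */
static char *
next_field(char **p)
{
	char *start = *p, *rd, *wr;

	if (start == NULL || *start == '\0')
		return NULL;
	for (rd = wr = start; *rd != '\0'; rd++) {
		if (*rd == ':') {		/* unescaped separator ends the field */
			rd++;
			break;
		}
		if (*rd == '\\') {
			rd++;			/* step onto the escaped byte */
			if (*rd == '\0')	/* trailing backslash: never pass the NUL */
				return NULL;
		}
		*wr++ = *rd;			/* copy the literal or escaped byte */
	}
	*wr = '\0';				/* wr never runs ahead of rd */
	*p = rd;				/* next field, or the final NUL */
	return start;
}

int
main(void)
{
	char spec[] = "/tmp/foo\\1\\2:localhost:11111";	/* constructed: \1\2 */
	char bad[] = "/tmp/foo\\";			/* constructed: ends in '\' */
	char *p = spec, *q = bad, *f;

	while ((f = next_field(&p)) != NULL)
		printf("field: %s\n", f);
	printf("trailing backslash: %s\n",
	    next_field(&q) != NULL ? "accepted" : "rejected");
	return 0;
}
```

Keeping a separate read and write pointer means an escape advances the read side by exactly one byte, so neither the NUL nor a following backslash can be skipped.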


