Invalid memory access / read stack overflow when reading config with zero bytes
Damien Miller
djm at mindrot.org
Mon Mar 30 10:17:06 AEDT 2015
On Mon, 30 Mar 2015, Hanno Böck wrote:
> On Mon, 30 Mar 2015 09:19:02 +1100 (AEDT)
> Damien Miller <djm at mindrot.org> wrote:
>
> > What version of OpenSSH is this?
>
> 6.8 portable on Linux.
That's strange - the line numbers in the valgrind stack trace don't
match. E.g.
==5578== at 0x4C2CFCA: __GI_strchr (in
/usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==5578== by 0x117B6B: process_config_line (readconf.c:785)
==5578== by 0x119DED: read_config_file (readconf.c:1633)
> > Also, when reporting fuzzer-derived problems it really helps to
> > include the test-case.
>
> The "test case" is a one byte file containing a zero byte. But here it
> is :-)
Ok, I'll see if I can reproduce.
-d