Possible overflow bug?
Peter Stuge
peter at stuge.se
Wed Jun 7 04:59:39 AEST 2023
Chris Rapier wrote:
> openssh 9.3p1
..
> In function 'explicit_bzero',
> inlined from 'kex_free_newkeys' at kex.c:743:2:
kex.c in tag V_9_3_P1 doesn't call explicit_bzero() on line 743,
> '__explicit_bzero_chk' writing 48 bytes into a region of size 8
..
> kex.h: In function 'kex_free_newkeys':
> kex.h:116:18: note: destination object 'name' of size 8
> 116 | char *name;
... in fact kex_free_newkeys() in tag V_9_3_P1 doesn't ever call
explicit_bzero() with an object called 'name'.
> Not sure if this is a real problem or not but I thought I'd pass it
> over just in case.
Could you check if you have any patch applied on top of V_9_3_P1?
Thanks
//Peter
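What a diagnostic of that shape is actually saying, as an added illustration that is not code from this thread or from OpenSSH: with _FORTIFY_SOURCE, glibc routes explicit_bzero() through __explicit_bzero_chk, and GCC warns at compile time when the size it can determine for the destination object is smaller than the length argument. "destination object 'name' of size 8" means the object it resolved is the `char *` member itself, so the call being diagnosed has the pointer field, not the string it points to, as its destination. The struct below is constructed (its field name and its 48-byte size on LP64 merely mirror the numbers in the warning; it is not kex.h), and scrub() is a memset-through-volatile stand-in for explicit_bzero() so the block builds without the glibc/BSD extension.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Constructed example, not OpenSSH code. Any object that owns a heap
 * string through a pointer field has the same shape; on LP64 this one
 * is 8 + 32 + 8 = 48 bytes, with an 8-byte pointer member called "name".
 */
struct keys_like {
	char *name;		/* the 8-byte "destination object" in the warning */
	unsigned char key[32];
	size_t key_len;
};

/*
 * Stand-in for explicit_bzero(): calling memset through a volatile
 * function pointer keeps the compiler from dropping the store as a
 * dead write before free() or return.
 */
static void *(* volatile zero_fn)(void *, int, size_t) = memset;

static void
scrub(void *p, size_t n)
{
	zero_fn(p, 0, n);
}

/* Returns 1 if every byte of p[0..n) is zero, 0 otherwise. */
static int
all_zero(const void *p, size_t n)
{
	const unsigned char *b = p;
	unsigned char acc = 0;

	for (size_t i = 0; i < n; i++)
		acc |= b[i];
	return acc == 0;
}

/* Fill k with a copied name and constructed (non-secret) key bytes. */
static int
keys_init(struct keys_like *k, const char *name, size_t key_len)
{
	size_t n;

	if (k == NULL || name == NULL || key_len > sizeof(k->key))
		return -1;
	memset(k, 0, sizeof(*k));	/* also clears any padding */
	n = strlen(name) + 1;
	k->name = malloc(n);
	if (k->name == NULL)
		return -1;
	memcpy(k->name, name, n);
	for (size_t i = 0; i < key_len; i++)	/* constructed sample bytes */
		k->key[i] = (unsigned char)(0xA0 + i);
	k->key_len = key_len;
	return 0;
}

/*
 * Correct order: scrub the storage the pointer refers to, sized by what
 * it holds, free it, then scrub the struct itself.  The pattern that
 * produces a "writing 48 bytes into a region of size 8" diagnostic is
 *
 *     explicit_bzero(&k->name, sizeof(*k));
 *
 * whose destination is the pointer member and whose length is the whole
 * struct: a write past the field, not a scrub of the string.  It is
 * deliberately not compiled here.
 */
static void
keys_free(struct keys_like *k)
{
	if (k == NULL)
		return;
	if (k->name != NULL) {
		scrub(k->name, strlen(k->name) + 1);
		free(k->name);
	}
	scrub(k, sizeof(*k));
}

int
main(void)
{
	struct keys_like k;

	if (keys_init(&k, "aes128-ctr", 16) != 0)
		return 1;
	keys_free(&k);
	printf("struct zeroed after free: %s\n",
	    all_zero(&k, sizeof(k)) ? "yes" : "no");
	return 0;
}
```

Build with `gcc -O2 -Wall -D_FORTIFY_SOURCE=2` to see the fortify checks engage; the commented-out wrong call, if reinstated, is what draws the `__explicit_bzero_chk` warning on a struct of this layout.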