Possible overflow bug?

Thorsten Glaser t.glaser at tarent.de
Wed Jun 7 07:12:59 AEST 2023


On Tue, 6 Jun 2023, Sam James wrote:

>Not a comment on this particular bug, but as an FYI, sanitizers are
>known to sometimes cause false-positive *compile*-time warnings

Huh, they do?

What happens here is that it thinks the pointer to newkeys->enc
is a pointer to the first element (name) inside newkeys->enc,
which is incorrect but probably correct elsewhere and I don’t
know whether it can even distinguish them where it sits.

But looking at this… newkeys->enc is an inlined struct sshenc
inside struct newkeys, so why not just bzero the entire newkeys
at once near the end instead of doing it piecemeal as if it were
a pointer?

bye,
//mirabilos
-- 
Infrastructure expert • tarent solutions GmbH
Am Dickobskreuz 10, D-53121 Bonn • http://www.tarent.de/
Telephone +49 228 54881-393 • Fax: +49 228 54881-235
HRB AG Bonn 5168 • USt-ID (VAT): DE122264941
Managing directors: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg

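As an added illustration of the two points in the message above (not code from the thread or from OpenSSH; the struct layouts are simplified assumptions modelled on struct sshenc and struct newkeys, and comp_enabled is a hypothetical stand-in), this shows why a pointer to the inlined enc member has the same address as a pointer to its first member name, and what clearing the entire newkeys in one call looks like:

```c
#include <stdlib.h>
#include <string.h>
/* Simplified, assumed layouts modelled on OpenSSH's struct sshenc and
 * struct newkeys; not the real definitions. */
struct sshenc {
	char *name;           /* first member: same address as &enc itself */
	unsigned int key_len;
	unsigned char *key;
};
struct newkeys {
	struct sshenc enc;    /* inlined struct, not a pointer to one */
	int comp_enabled;     /* hypothetical stand-in for the other members */
};

/* Zeroing the compiler may not drop as a dead store before free(). */
static void secure_zero(void *p, size_t n)
{
	volatile unsigned char *vp = p;
	while (n--)
		*vp++ = 0;
}

/* &nk->enc and &nk->enc.name are the same address, so a checker that
 * only sees the address cannot tell the two apart. */
int enc_aliases_first_member(const struct newkeys *nk)
{
	return (const void *)&nk->enc == (const void *)&nk->enc.name;
}

/* Release what the struct owns, then clear the whole newkeys once;
 * the inlined enc is covered by that single call. */
void clear_whole(struct newkeys *nk)
{
	if (nk->enc.key != NULL) {
		secure_zero(nk->enc.key, nk->enc.key_len);
		free(nk->enc.key);
	}
	free(nk->enc.name);
	secure_zero(nk, sizeof(*nk));
}

/* Constructed sample with a heap-allocated name and key. */
struct newkeys make_sample_newkeys(void)
{
	struct newkeys nk = { { NULL, 16, NULL }, 1 };
	nk.enc.name = malloc(7);
	memcpy(nk.enc.name, "aes128", 7);
	nk.enc.key = malloc(nk.enc.key_len);
	memset(nk.enc.key, 0xAB, nk.enc.key_len);
	return nk;
}
```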