[Bug 1913] New: wrong type for version in sftp-server.c

bugzilla-daemon at bugzilla.mindrot.org
Thu Jun 9 18:02:42 EST 2011


https://bugzilla.mindrot.org/show_bug.cgi?id=1913

           Summary: wrong type for version in sftp-server.c
           Product: Portable OpenSSH
           Version: 5.8p2
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: sftp
        AssignedTo: unassigned-bugs at mindrot.org
        ReportedBy: mb at smartftp.com


The type of version is defined as (line 71, file: sftp-server.c):
int version;

but it should be defined as
u_int32_t version;

Why is this important? 
A client is submitting a value >= 2^31 in the client version (which is
okay according to the RFC). The code, however, interprets such a value as
a signed int, and version checks such as the following will fail as a
result:
line 417
    if (version >= 3) {
        buffer_put_cstring(&msg, status_to_message(status));
        buffer_put_cstring(&msg, "");
    }

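The effect described in the report, as an added example that is not part of the original bug report or of OpenSSH's code: the same four wire bytes of the client version are compared against 3 once through a signed `int` and once through `u_int32_t`'s standard equivalent, `uint32_t`. The helper names and the sample byte strings are constructed for illustration, and the signed result assumes a 32-bit two's-complement `int`.

```c
#include <stdint.h>
#include <stdio.h>

/* Decode an SSH "uint32": four bytes, most significant first. */
static uint32_t get_u32_be(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Declaration reported in the bug: version held in a signed int.
 * A wire value >= 2^31 does not fit; the conversion is
 * implementation-defined and yields a negative number on the usual
 * 32-bit int, so the ">= 3" test is false. */
static int version_check_signed(const unsigned char *wire)
{
    int version = (int)get_u32_be(wire);
    return version >= 3;
}

/* Declaration proposed in the bug: version held as an unsigned 32-bit
 * value, so every wire value compares by its real magnitude. */
static int version_check_unsigned(const unsigned char *wire)
{
    uint32_t version = get_u32_be(wire);
    return version >= 3;
}

/* Constructed sample inputs: version 3 and version 2^31. */
static const unsigned char WIRE_V3[4]   = { 0x00, 0x00, 0x00, 0x03 };
static const unsigned char WIRE_HIGH[4] = { 0x80, 0x00, 0x00, 0x00 };

int main(void)
{
    const unsigned char *samples[] = { WIRE_V3, WIRE_HIGH };
    for (size_t i = 0; i < 2; i++) {
        printf("wire=0x%08lx  signed check=%d  unsigned check=%d\n",
               (unsigned long)get_u32_be(samples[i]),
               version_check_signed(samples[i]),
               version_check_unsigned(samples[i]));
    }
    return 0;
}
```

With the signed declaration, the status-message branch quoted in the report is skipped for the 2^31 client even though its version is numerically greater than 3.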