[openssh-commits] CVS: fuyu.mindrot.org: openssh

Damien Miller djm at fuyu.mindrot.org
Tue Aug 31 22:36:39 EST 2010


CVSROOT:        /var/cvs
Module name:    openssh
Changes by:     djm at fuyu.mindrot.org 10/08/31 22:36:39

Modified files:
    .               : ChangeLog auth-options.c auth1.c auth2.c bufaux.c buffer.h kex.c key.c packet.c packet.h ssh-dss.c ssh-rsa.c

Log message:
   - djm at cvs.openbsd.org 2010/08/31 09:58:37
     [auth-options.c auth1.c auth2.c bufaux.c buffer.h kex.c key.c packet.c]
     [packet.h ssh-dss.c ssh-rsa.c]
     Add buffer_get_cstring() and related functions that verify that the
     string extracted from the buffer contains no embedded \0 characters*
     This prevents random (possibly malicious) crap from being appended to
     strings where it would not be noticed if the string is used with
     a string(3) function.

     Use the new API in a few sensitive places.

     * actually, we allow a single one at the end of the string for now because
     we don't know how many deployed implementations get this wrong, but don't
     count on this to remain indefinitely.

Diff commands:
cvs -nQq rdiff -u -r1.5650 -r1.5651 openssh/ChangeLog
cvs -nQq rdiff -u -r1.51 -r1.52 openssh/auth-options.c
cvs -nQq rdiff -u -r1.126 -r1.127 openssh/auth1.c
cvs -nQq rdiff -u -r1.151 -r1.152 openssh/auth2.c
cvs -nQq rdiff -u -r1.55 -r1.56 openssh/bufaux.c
cvs -nQq rdiff -u -r1.19 -r1.20 openssh/buffer.h
cvs -nQq rdiff -u -r1.89 -r1.90 openssh/kex.c
cvs -nQq rdiff -u -r1.93 -r1.94 openssh/key.c
cvs -nQq rdiff -u -r1.171 -r1.172 openssh/packet.c
cvs -nQq rdiff -u -r1.54 -r1.55 openssh/packet.h
cvs -nQq rdiff -u -r1.27 -r1.28 openssh/ssh-dss.c
cvs -nQq rdiff -u -r1.45 -r1.46 openssh/ssh-rsa.c

ViewVC:
http://anoncvs.mindrot.org/index.cgi/openssh/ChangeLog?r1=1.5650;r2=1.5651&view=patch
http://anoncvs.mindrot.org/index.cgi/openssh/auth-options.c?r1=1.51;r2=1.52&view=patch
http://anoncvs.mindrot.org/index.cgi/openssh/auth1.c?r1=1.126;r2=1.127&view=patch
http://anoncvs.mindrot.org/index.cgi/openssh/auth2.c?r1=1.151;r2=1.152&view=patch
http://anoncvs.mindrot.org/index.cgi/openssh/bufaux.c?r1=1.55;r2=1.56&view=patch
http://anoncvs.mindrot.org/index.cgi/openssh/buffer.h?r1=1.19;r2=1.20&view=patch
http://anoncvs.mindrot.org/index.cgi/openssh/kex.c?r1=1.89;r2=1.90&view=patch
http://anoncvs.mindrot.org/index.cgi/openssh/key.c?r1=1.93;r2=1.94&view=patch
http://anoncvs.mindrot.org/index.cgi/openssh/packet.c?r1=1.171;r2=1.172&view=patch
http://anoncvs.mindrot.org/index.cgi/openssh/packet.h?r1=1.54;r2=1.55&view=patch
http://anoncvs.mindrot.org/index.cgi/openssh/ssh-dss.c?r1=1.27;r2=1.28&view=patch
http://anoncvs.mindrot.org/index.cgi/openssh/ssh-rsa.c?r1=1.45;r2=1.46&view=patch

Please note that there may be a delay before commits are available
on the public ViewVC site.
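
The check the log message describes, as an added example (not OpenSSH's code and not part of this commit): a parser for one length-prefixed SSH wire string that rejects embedded \0 bytes but tolerates a single trailing one. The function name get_cstring_checked and the sample byte strings are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Hypothetical helper, not OpenSSH's buffer_get_cstring(): parse one string
 * (uint32 big-endian length, then that many bytes) from buf[0..buflen) and
 * return it as a malloc'd C string. Returns NULL if the data is truncated or
 * the payload holds a \0 anywhere other than as its single final byte.
 */
char *
get_cstring_checked(const unsigned char *buf, size_t buflen, size_t *consumed)
{
	uint32_t len;
	const unsigned char *p, *nul = NULL;
	char *out;

	if (buflen < 4)
		return NULL;
	len = ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
	    ((uint32_t)buf[2] << 8) | (uint32_t)buf[3];
	if (len > buflen - 4)
		return NULL;	/* declared length exceeds available data */
	p = buf + 4;
	/* memchr finds the first \0; accept it only as the last payload byte */
	if (len > 0 && (nul = memchr(p, '\0', len)) != NULL && nul != p + len - 1)
		return NULL;
	if ((out = malloc((size_t)len + 1)) == NULL)
		return NULL;
	memcpy(out, p, len);
	out[len] = '\0';	/* always terminated for string(3) callers */
	if (consumed != NULL)
		*consumed = 4 + (size_t)len;
	return out;
}

int
main(void)
{
	/* Constructed inputs: a clean string, and one with bytes hidden after \0 */
	const unsigned char ok[] = { 0, 0, 0, 4, 'r', 'o', 'o', 't' };
	const unsigned char bad[] = { 0, 0, 0, 9, 'r', 'o', 'o', 't', 0, 'j', 'u', 'n', 'k' };
	char *a = get_cstring_checked(ok, sizeof(ok), NULL);
	char *b = get_cstring_checked(bad, sizeof(bad), NULL);

	printf("clean: %s\nembedded NUL: %s\n", a ? a : "(rejected)", b ? b : "(rejected)");
	free(a);
	free(b);
	return 0;
}
```

Without the memchr check, the second input would be returned as a 9-byte buffer that every string(3) function reads as "root", leaving the trailing bytes unnoticed.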

