[openssh-commits] [openssh] 01/01: upstream commit

git+noreply at mindrot.org git+noreply at mindrot.org
Thu Nov 19 19:25:15 AEDT 2015 

This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit 88b6fcdeb87a2fb76767854d9eb15006662dca57
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Thu Nov 19 08:23:27 2015 +0000

    upstream commit
    
    ban ConnectionAttempts=0, it makes no sense and would cause
     ssh_connect_direct() to print an uninitialised stack variable; bz#2500
     reported by dvw AT phas.ubc.ca
    
    Upstream-ID: 32b5134c608270583a90b93a07b3feb3cbd5f7d5
---
 ssh.c        | 4 +++-
 sshconnect.c | 4 +++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/ssh.c b/ssh.c
index cceb36e..38e2b66 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.429 2015/10/25 23:42:00 dtucker Exp $ */
+/* $OpenBSD: ssh.c,v 1.430 2015/11/19 08:23:27 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo at cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -1096,6 +1096,8 @@ main(int ac, char **av)
 		    "disabling");
 		options.update_hostkeys = 0;
 	}
+	if (options.connection_attempts <= 0)
+		fatal("Invalid number of ConnectionAttempts");
 #ifndef HAVE_CYGWIN
 	if (original_effective_uid != 0)
 		options.use_privileged_port = 0;
diff --git a/sshconnect.c b/sshconnect.c
index 1507934..b2c878a 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.267 2015/11/19 01:09:38 djm Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.268 2015/11/19 08:23:27 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo at cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -434,6 +434,8 @@ ssh_connect_direct(const char *host, struct addrinfo *aitop,
 	struct addrinfo *ai;
 
 	debug2("%s: needpriv %d", __func__, needpriv);
+	memset(ntop, 0, sizeof(ntop));
+	memset(strport, 0, sizeof(strport));
 
 	for (attempt = 0; attempt < connection_attempts; attempt++) {
 		if (attempt > 0) {

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.

More information about the openssh-commits mailing list