[openssh-commits] [openssh] branch master updated (a5dfc5ba -> 3dd0c64e)

git+noreply at mindrot.org git+noreply at mindrot.org
Mon Feb 1 09:57:37 AEDT 2021


This is an automated email from the git hooks/post-receive script.

djm pushed a change to branch master
in repository openssh.

      from  a5dfc5ba  allow a fuzz case to contain more than one request
       new  7a92a324  upstream: Set linesize returned by getline to zero when freeing and
       new  3dd0c64e  upstream: more strictly enforce KEX state-machine by banning packet

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.


Detailed log of new commits:

commit 3dd0c64e08f1bba21d71996d635c7256c8c139d1
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Sun Jan 31 22:55:29 2021 +0000

    upstream: more strictly enforce KEX state-machine by banning packet
    
    types once they are received. Fixes memleak caused by duplicate
    SSH2_MSG_KEX_DH_GEX_REQUEST (spotted by portable OpenSSH kex_fuzz via
    oss-fuzz #30078).
    
    ok markus@
    
    OpenBSD-Commit-ID: 87331c715c095b587d5c88724694cdeb701c9def

commit 7a92a324a2e351fabd0ba8ef9b434d3b12d54ee3
Author: dtucker at openbsd.org <dtucker at openbsd.org>
Date:   Sun Jan 31 10:50:10 2021 +0000

    upstream: Set linesize returned by getline to zero when freeing and
    
    NULLing the returned string.  OpenBSD's getline handles this just fine, but
    some implementations used by -portable do not.  ok djm@
    
    OpenBSD-Commit-ID: 4d7bd5169d3397654247db9655cc69a9908d165c

Summary of changes:
 kex.c     |  4 ++--
 kex.h     |  3 ++-
 kexgen.c  |  8 +++++++-
 kexgexc.c | 12 ++++++++----
 kexgexs.c |  7 ++++++-
 sshsig.c  |  4 +++-
 6 files changed, 28 insertions(+), 10 deletions(-)

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.


More information about the openssh-commits mailing list