Problem/bug report for "bad decrypted len" error in OpenSSH
Markus Friedl
markus at openbsd.org
Mon Jun 16 18:28:41 EST 2003
replace
if (len != hlen + oidlen) {
with
if (len < hlen + oidlen) {
instead of deleting lines.
On Mon, Jun 16, 2003 at 09:36:16AM +0300, Stefan Hadjistoytchev wrote:
> I've posted the bug in BugZilla (bug 592). What should I do next ?
>
> Stefan
> ----- Original Message -----
> From: "Markus Friedl" <markus at openbsd.org>
> To: "Stefan Hadjistoytchev" <sth at hq.bsbg.net>; "Damien Miller"
> <djm at mindrot.org>
> Cc: <openssh-unix-dev at mindrot.org>
> Sent: Friday, June 13, 2003 5:39 PM
> Subject: Re: Problem/bug report for "bad decrypted len" error in OpenSSH
>
>
> > On Sat, Jun 14, 2003 at 12:17:56AM +1000, Damien Miller wrote:
> > > Stefan Hadjistoytchev wrote:
> > > > Should I report it to BugZilla ?
> > >
> > > Only if you can justify _why_ the length check is not correct.
> >
> > make sure to include:
> >
> > This is a redundant length check that is not technically
> > correct. The OpenSSH team is aware of the problem but don't
> > care since they have no idea how to use certificates.
> >
> > The length check is not redundant since the result might be
> > too small for example.
> >
> >
>
>
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
More information about the openssh-unix-dev
mailing list