Problem/bug report for "bad decrypted len" error in OpenSSH
Stefan Hadjistoytchev
sth at hq.bsbg.net
Tue Jun 17 18:24:12 EST 2003
10x for the fix !!!
----- Original Message -----
From: "Markus Friedl" <markus at openbsd.org>
To: "Stefan Hadjistoytchev" <sth at hq.bsbg.net>
Cc: "Damien Miller" <djm at mindrot.org>; <openssh-unix-dev at mindrot.org>
Sent: Monday, June 16, 2003 11:28 AM
Subject: Re: Problem/bug report for "bad decrypted len" error in OpenSSH
> replace
>
> if (len != hlen + oidlen) {
> with
> if (len < hlen + oidlen) {
>
> instead of deleting lines.
>
>
> On Mon, Jun 16, 2003 at 09:36:16AM +0300, Stefan Hadjistoytchev wrote:
> > I've posted the bug in BugZilla (bug 592). What should I do next ?
> >
> > Stefan
> > ----- Original Message -----
> > From: "Markus Friedl" <markus at openbsd.org>
> > To: "Stefan Hadjistoytchev" <sth at hq.bsbg.net>; "Damien Miller"
> > <djm at mindrot.org>
> > Cc: <openssh-unix-dev at mindrot.org>
> > Sent: Friday, June 13, 2003 5:39 PM
> > Subject: Re: Problem/bug report for "bad decrypted len" error in OpenSSH
> >
> >
> > > On Sat, Jun 14, 2003 at 12:17:56AM +1000, Damien Miller wrote:
> > > > Stefan Hadjistoytchev wrote:
> > > > > Should I report it to BugZilla ?
> > > >
> > > > Only if you can justify _why_ the length check is not correct.
> > >
> > > make sure to include:
> > >
> > > This is a redundant length check that is not technically
> > > correct. The OpenSSH team is aware of the problem but don't
> > > care since they have no idea how to use certificates.
> > >
> > > The length check is not redundant since the result might be
> > > too small for example.
> > >
> > >
> >
> >
> > _______________________________________________
> > openssh-unix-dev mailing list
> > openssh-unix-dev at mindrot.org
> > http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
>
>
More information about the openssh-unix-dev
mailing list