Re: More ssh fun (sshd this time)

Solar Designer (solar@FALSE.COM)
Wed, 27 Aug 1997 05:48:44 -0300

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Michael Warfield: "Re: Vulnerability in Majordomo"
Previous message: Kris Benson: "Re: Buffer overflow in /bin/bash"
Maybe in reply to: Ivo van der Wijk: "More ssh fun (sshd this time)"
Next in thread: Christopher Craig: "Re: More ssh fun (sshd this time)"

Hello!

> + if (port > 65535)
> + packet_disconnect("Requested port is %d is invalid",port);

This still doesn't fix the problem since port is defined as a signed int,
and negative values will pass your check. Of course, their lower 16 bits
may represent a privileged port number.

BTW, it looks like integer overflows and negative number problems are quite
common: sshd, Linux setrlimit(), Linux sysctl() -- any more coming soon? ;)

Signed,
Solar Designer

Next message: Michael Warfield: "Re: Vulnerability in Majordomo"
Previous message: Kris Benson: "Re: Buffer overflow in /bin/bash"
Maybe in reply to: Ivo van der Wijk: "More ssh fun (sshd this time)"
Next in thread: Christopher Craig: "Re: More ssh fun (sshd this time)"