Hi, I'm not a programmer nor able to fully understand the code of openssh in detail - hence my question here. Out of curiosity I was looking at the patch for CVE-2002-0083 and tried to understand what the actual problem is, but failed: --- channels_old.c Mon Mar 4 02:07:06 2002 +++ channels.c Mon Mar 4 02:07:16 2002 @@ -151,7 +151,7 @@ channel_lookup(int id) { Channel *c; - if (id < 0 || id > channels_alloc) { + if (id < 0 || id >= channels_alloc) { log("channel_lookup: %d: bad id", id); return NULL; } What does that mean? If id is less than 0 (are we talking about the unix uid?) or id greater than channels_alloc - log & return null) Is this check for detecting users (not root) trying to do something nasty? Thank you. Stefan _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev