CVE-2002-0083 - whats the problem? beginners question

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



Hi,

I'm not a programmer nor able to fully understand the code of openssh in detail - hence my question here.

Out of curiosity I was looking at the patch for CVE-2002-0083 and tried to understand what the actual problem is, but failed:

--- channels_old.c    Mon Mar  4 02:07:06 2002
+++ channels.c    Mon Mar  4 02:07:16 2002
@@ -151,7 +151,7 @@
 channel_lookup(int id)
 {
     Channel *c;
-    if (id < 0 || id > channels_alloc) {
+    if (id < 0 || id >= channels_alloc) {
         log("channel_lookup: %d: bad id", id);
         return NULL;
     }


What does that mean? 
If id is less than 0 (are we talking about the unix uid?)
or id greater than channels_alloc - log & return null)

Is this check for detecting users (not root) trying to do something nasty? 

Thank you.

Stefan

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev




[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux