Re: Invalid memory access / read stack overflow when reading config with zero bytes

Thanks,

What version of OpenSSH is this?

Also, when reporting fuzzer-derived problems it really helps to include
the test-case.

-d

On Sun, 29 Mar 2015, Hanno Böck wrote:

> Hi,
> 
> When ssh accesses a config file that contains a zero byte it'll expose
> a stack overflow. This can only be seen with valgrind or with compiling
> ssh with address sanitizer. I'll attach the address sanitizer and
> valgrind output.
> 
> Reproduce:
> dd if=/dev/zero of=zero bs=1 count=1
> valgrind -q ssh -F zero x
> 
> This was found while fuzzing ssh with american fuzzy lop.
> 
> (Please CC me on replies, I'm not subscribed to the list.)
> 
> cu,
> -- 
> Hanno Böck
> http://hboeck.de/
> 
> mail/jabber: hanno@xxxxxxxxx
> GPG: BBB51E42
> 
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



