Re: Invalid memory access / read stack overflow when reading config with zero bytes

On Mon, 30 Mar 2015, Hanno Böck wrote:

> On Mon, 30 Mar 2015 09:19:02 +1100 (AEDT)
> Damien Miller <djm@xxxxxxxxxxx> wrote:
> 
> > What version of OpenSSH is this?
> 
> 6.8 portable on Linux.

That's strange - the line numbers in the valgrind stack trace don't
match. E.g.

==5578==    at 0x4C2CFCA: __GI_strchr (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==5578==    by 0x117B6B: process_config_line (readconf.c:785)
==5578==    by 0x119DED: read_config_file (readconf.c:1633)

> > Also, when reporting fuzzer-derived problems it really helps to
> > include the test-case.
> 
> The "test case" is a one byte file containing a zero byte. But here it
> is :-)

Ok, I'll see if I can reproduce.

-d
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



