Re: Invalid memory access / read stack overflow when reading config with zero bytes


 



On Mon, 30 Mar 2015, Hanno Böck wrote:

> On Mon, 30 Mar 2015 10:43:18 +1100 (AEDT)
> Damien Miller <djm@xxxxxxxxxxx> wrote:
> 
> > reproduced; the line numbers were wrong.
> 
> Sorry for the line numbers, should've thought of that. I used the
> standard Gentoo package and it seems it does patching on that file.
> 
> I can confirm your patch fixes the issue, thanks. Will now run another
> fuzzing job with the patch applied, will inform you if it finds
> anything.

Thanks - we'll certainly fix bugs in config parsing, but they aren't
that interesting from a security perspective. Someone who can write
to ~/.ssh/config already has arbitrary code execution via ProxyCommand,
etc.

authorized_keys is a good thing to fuzz if you can set up a good test
environment. I've spent about a CPU-month fuzzing key parsing and KRLs,
so I have some confidence that they are clean.

cf. https://anongit.mindrot.org/openssh-fuzz-cases.git/

-d
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



