On Tue, 6 Jun 2023, Sam James wrote:

>Not a comment on this particular bug, but as an FYI, sanitizers are
>known to sometimes cause false-positive *compile*-time warnings

Huh, they do?

What happens here is that it thinks the pointer to newkeys->enc is a pointer to the first element (name) inside newkeys->enc, which is incorrect but probably correct elsewhere and I don’t know whether it can even distinguish them where it sits.

But looking at this… newkeys->enc is an inlined struct sshenc inside struct newkeys, so why not just bzero the entire newkeys at once near the end instead of doing it piecemeal as if it were a pointer?

bye,
//mirabilos
-- 
Infrastructure expert • tarent solutions GmbH
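The layout discussed in the message above, as an added example that is not part of the message and is not OpenSSH code: one address can stand for `name`, for the embedded `enc`, or for the whole `newkeys`, and only the whole-struct wipe leaves nothing behind. The field lists, `wipe()`, `enc_aliases_name()` and `residue_after_wipe()` are simplified assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Simplified stand-ins: field lists are assumptions, not OpenSSH's definitions. */
struct sshenc {
	char *name;              /* first member: shares the address of the struct */
	unsigned int key_len;
	unsigned char key[32];
};

struct newkeys {
	struct sshenc enc;       /* embedded by value, not a pointer */
	unsigned char mac_key[32];
};

enum extent { AS_NAME, AS_ENC, AS_NEWKEYS };

/* Zero through a volatile pointer so the stores are not optimised away. */
static void wipe(void *p, size_t n)
{
	volatile unsigned char *b = p;
	while (n--)
		*b++ = 0;
}

/* 1 if &nk->enc and &nk->enc.name are the same address (they always are). */
int enc_aliases_name(const struct newkeys *nk)
{
	return (const void *)&nk->enc == (const void *)&nk->enc.name;
}

/* Fill a newkeys with 0xAA, wipe it using the given extent (the narrower
 * extents start at &nk.enc, the full one at &nk), and return how many
 * bytes were left untouched. */
size_t residue_after_wipe(enum extent e)
{
	struct newkeys nk;
	const unsigned char *b = (const unsigned char *)&nk;
	size_t n, i, left = 0;

	memset(&nk, 0xAA, sizeof(nk));
	n = e == AS_NAME ? sizeof(nk.enc.name) :
	    e == AS_ENC ? sizeof(nk.enc) : sizeof(nk);
	wipe(e == AS_NEWKEYS ? (void *)&nk : (void *)&nk.enc, n);
	for (i = 0; i < sizeof(nk); i++)
		left += b[i] != 0;
	return left;
}
```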