https://bugzilla.mindrot.org/show_bug.cgi?id=2478
Darren Tucker <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #2725| |ok- Flags| | --- Comment #1 from Darren Tucker <[email protected]> --- Comment on attachment 2725 --> https://bugzilla.mindrot.org/attachment.cgi?id=2725 Fix >+ if (ch == 0x1B && buf[i+1] == '[') { If the escape char is the last byte in the buffer then the control-sequence detection won't work and you'll get an out-of-bounds read. Admittedly this is unlikely in regular usage, but certainly possible for a malicious server and maybe possible by traffic shaping a legit connection. -- You are receiving this mail because: You are watching the assignee of the bug. _______________________________________________ openssh-bugs mailing list [email protected] https://lists.mindrot.org/mailman/listinfo/openssh-bugs
