https://bugzilla.mindrot.org/show_bug.cgi?id=2687

--- Comment #30 from Darren Tucker <[email protected]> ---
Comment on attachment 3176
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3176
New patch set (openssh-7.8)



>@@ -186,11 +186,16 @@ proto_spec(const char *spec)
> char *
> compat_cipher_proposal(char *cipher_prop)

This has been fixed (after some headaches).

>       if (!(datafellows & SSH_BUG_BIGENDIANAES))
>               return cipher_prop;
>       debug2("%s: original cipher proposal: %s", __func__, cipher_prop);
>-      if ((cipher_prop = match_filter_blacklist(cipher_prop, "aes*")) == NULL)
>+      np = match_filter_blacklist(cipher_prop, "aes*");
>+      if (np == NULL)
>               fatal("match_filter_blacklist failed");
>+      free(cipher_prop);
>+      cipher_prop = np;
>       debug2("%s: compat cipher proposal: %s", __func__, cipher_prop);
>       if (*cipher_prop == '\0')
>               fatal("No supported ciphers found");
>@@ -200,11 +205,16 @@ compat_cipher_proposal(char *cipher_prop)
> char *
> compat_pkalg_proposal(char *pkalg_prop)


This function has been reduced to more or less a no-op.  We removed
support for these ancient (~20yo) buggy implementations, and when we
removed the bug bits we were able to delete almost all of this
function.


>@@ -779,6 +779,7 @@ deserialise_array(struct sshbuf *m, char ***ap, size_t *np)
>       n = tmp;
>       if (n > 0 && (a = calloc(n, sizeof(*a))) == NULL) {
>               r = SSH_ERR_ALLOC_FAIL;
>+              n = 0;
>               goto out;
>       }

I think this one is now unnecessary, although there's not quite enough
context to see, but I think this was fixed later with a NULL test in
the out: path.

 out:
        if (a != NULL) {
                for (i = 0; i < n; i++)
                        free(a[i]);
                free(a);
        }

>diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c
[...]
>+#include <stdlib.h>

This has already been fixed.

>diff --git a/openbsd-compat/setproctitle.c b/openbsd-compat/setproctitle.c
[...]
>+      size_t len = 0;

This has already been fixed.

> ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
[...]
>+      int len, r, ms_remain = 0;

Applied, thanks.

still need to go through the rest starting from do_setup_env

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
[email protected]
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

Reply via email to