Re: [PATCH][WIP][v2] Fix out-of-buffer-boundary reads

2019-04-03 Thread Yuriy M. Kaminskiy
of past PRs > not being taken for whatever reason. I'm able to identify a certain class of problems (as I said below in OP, "code around _libssh2_ntohu32 often looks wrong, please review and fix it"), but I don't understand libssh2 code to the extent that I can design a replacement. >> On Mar 31, 20

Re: [PATCH][WIP][v2] Fix out-of-buffer-boundary reads

2019-03-31 Thread Yuriy M. Kaminskiy
On 31.03.2019 14:23, Yuriy M. Kaminskiy wrote: > FTR, (some) problems that were addressed by this patch were (apparently > independently) rediscovered 3 years later, assigned CVE-2019-38{55...63} > and fixed (differently; I have not checked if the fixed code covers all > cases that were covered

Re: [PATCH][WIP][v2] Fix out-of-buffer-boundary reads

2019-03-31 Thread Yuriy M. Kaminskiy
016-03-27 22:28 , Yuriy M. Kaminskiy wrote: > Ping? I'd like to stress that this issue has security implications. At > the very least, DoS (and this is not a standalone application, so it is not > a minor issue), and maybe host memory exposure too. (However, it is only > heap over-reads, wi

Re: time to release another libssh2 version!

2016-10-16 Thread Yuriy M. Kaminskiy
Daniel Stenberg writes: > I think it is about time we ship another release. The OpenSSL 1.1.0 > support being a major reason I think. > > So, please bring up your issues that we should squeeze in before we > release. E.g. that libssh2 uses an oversized exponent (private key) in DH

[PATCH][WIP][v2] Re: [SECURITY ADVISORY] Truncated Diffie-Hellman secret length

2016-02-26 Thread Yuriy M. Kaminskiy
"George Garner (online)" writes: [...] > 3. Where is the p_len/group_order parameter validated? In > kex_method_diffie_hellman_group_exchange_sha256_key_exchange it is > converted from network byte order and accepted at face value. What > happens if a malicious