Bug 2460

Summary: Non-zero return values are not properly returned from openssh_RSA_verify
Product: Portable OpenSSH Reporter: Basil Crow <me>
Component: sshdAssignee: Assigned to nobody <unassigned-bugs>
Status: CLOSED FIXED    
Severity: normal CC: djm
Priority: P5    
Version: 7.1p1   
Hardware: All   
OS: All   
Bug Depends on:    
Bug Blocks: 2451    

Description Basil Crow 2015-09-09 07:19:03 AEST 
openssh_RSA_verify in ssh-rsa.c defines ret to be of type size_t, which is unsigned. It then assigns signed values such as SSH_ERR_INTERNAL_ERROR (-1) to ret. Finally, it returns ret (a size_t), while the method signature of openssh_RSA_verify is defined as returning type int. The method works as intended to some degree, in that on success it returns 0 and on failure it returns non-zero. But if one were to try to do something with the return value on failure, one would find it to be garbage. The same goes for trying to observe the return value with a debugger. This problem could easily be fixed by declaring ret to be of type int.
Comment 1 Damien Miller 2015-09-09 10:53:21 AEST 
Fixed - thanks.
Comment 2 Damien Miller 2016-08-02 10:41:24 AEST 
Close all resolved bugs after 7.3p1 release