Bugzilla – Attachment 1015 Details for
Bug 1056
RekeyLimit can be ridiculously low and is undocumented.
[patch]
Minimum 1k rekeylimit, check for integer wrap
rekeylimit.diff (text/plain), 1.59 KB, created by
Damien Miller
on 2005-10-30 11:33:18 AEDT
> >Index: readconf.c >=================================================================== >RCS file: /cvs/src/usr.bin/ssh/readconf.c,v >retrieving revision 1.143 >diff -u -p -r1.143 readconf.c >--- readconf.c 30 Jul 2005 02:03:47 -0000 1.143 >+++ readconf.c 30 Oct 2005 00:16:05 -0000 >@@ -294,7 +294,7 @@ process_config_line(Options *options, co > int *activep) > { > char *s, **charptr, *endofnumber, *keyword, *arg, *arg2, fwdarg[256]; >- int opcode, *intptr, value; >+ int opcode, *intptr, value, orig, scale; > size_t len; > Forward fwd; > >@@ -467,20 +467,34 @@ parse_yesnoask: > fatal("%.200s line %d: Missing argument.", filename, linenum); > if (arg[0] < '0' || arg[0] > '9') > fatal("%.200s line %d: Bad number.", filename, linenum); >- value = strtol(arg, &endofnumber, 10); >+ orig = value = strtol(arg, &endofnumber, 10); > if (arg == endofnumber) > fatal("%.200s line %d: Bad number.", filename, linenum); > switch (toupper(*endofnumber)) { >+ case '\0': >+ scale = 1; >+ break; > case 'K': >- value *= 1<<10; >+ scale = 1<<10; > break; > case 'M': >- value *= 1<<20; >+ scale = 1<<20; > break; > case 'G': >- value *= 1<<30; >+ scale = 1<<30; > break; >+ default: >+ fatal("%.200s line %d: Invalid RekeyLimit suffix", >+ filename, linenum); > } >+ value *= scale; >+ /* detect integer wrap */ >+ if ((value / scale) != orig) >+ fatal("%.200s line %d: RekeyLimit too large", >+ filename, linenum); >+ if (value < 1024) >+ fatal("%.200s line %d: RekeyLimit must be greater " >+ "than 1K", filename, linenum); > if (*activep && *intptr == -1) > *intptr = value; > break;
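Review bot: In the first hunk (the declarations at the top of process_config_line), `orig` and `scale` are added as `int` next to `value`, but the second hunk fills `orig` and `value` from `strtol()`, which returns `long`. Where `long` is wider than `int`, an oversized argument is truncated the same way into both variables before any check runs, so the later `(value / scale) != orig` comparison cannot notice it. Consider keeping the parsed number in a `long` (or `long long`), and range-checking it against `INT_MAX` before it is stored through `intptr`.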
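Review bot: In the RekeyLimit hunk (@@ -467,20 +467,34 @@), the wrap test runs after `value *= scale`, and overflow of a signed `int` multiplication is undefined behaviour in C, so a compiler may assume `(value / scale) == orig` always holds and drop the check. Test before multiplying instead, for example `if (orig > INT_MAX / scale) fatal(...)`. Two smaller points in the same hunk: `if (value < 1024)` accepts exactly 1024 while the message says "must be greater than 1K", so either the wording should be "at least 1K" or the comparison should be `<=`; and the switch looks only at `*endofnumber`, so an argument with further characters after a valid suffix still passes, which a check that `endofnumber[1]` is `'\0'` when a suffix is present would reject.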