| Summary: | Potential integer overflow | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | Portable OpenSSH | Reporter: | Loganaden Velvindron <loganaden> | ||||||
| Component: | sshd | Assignee: | Assigned to nobody <unassigned-bugs> | ||||||
| Status: | CLOSED FIXED | ||||||||
| Severity: | enhancement | CC: | dtucker | ||||||
| Priority: | P5 | ||||||||
| Version: | -current | ||||||||
| Hardware: | Other | ||||||||
| OS: | Linux | ||||||||
| Bug Depends on: | |||||||||
| Bug Blocks: | 2130 | ||||||||
| Attachments: |
|
||||||||
looks reasonable, add to the list for 6.5 Created attachment 2379 [details]
improve diff (switch 1000 to ULL)
switch 1000 from integer to unsigned long long.
ping :-) ? Any feedback on the 1 line diff :-) ? Damien and I ended up having a bikeshed discussion on this :-) I think casting the second argument is unnecessary since it'll get promoted to unsigned long long anyway. First patch applied, it'll be in the next release. Thanks. (In reply to Darren Tucker from comment #4) > Damien and I ended up having a bikeshed discussion on this :-) > > I think casting the second argument is unnecessary since it'll get > promoted to unsigned long long anyway. > > First patch applied, it'll be in the next release. > > Thanks. Thank you very much ! Close all resolved bugs after 7.3p1 release |
Created attachment 2373 [details] potential_overflow_fix in serverloop.c: max_time_milliseconds = options.client_alive_interval * 1000; client_alive_interval is declare as int. int client_alive_interval; /* * poke the client this often to * see if it's still there max_time_milliseconds is declared as u_int64_t. Can this potentially result in an overflow due to multiplication ?