Bug 1842 - bug in client_input_channel_req causes segmentation violation
Summary: bug in client_input_channel_req causes segmentation violation
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: ssh (show other bugs)
Version: 5.6p1
Hardware: All All
: P2 major
Assignee: Damien Miller
URL:
Keywords:
Depends on:
Blocks: V_5_7
  Show dependency treegraph
 
Reported: 2010-11-23 05:45 AEDT by jchadima
Modified: 2011-01-24 12:33 AEDT (History)
1 user (show)

See Also:


Attachments
Patch solving the problem (544 bytes, patch)
2010-11-24 10:09 AEDT, Damien Miller
dtucker: ok+
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description jchadima 2010-11-23 05:45:47 AEDT
in client_input_channel_req if the channel_lookup(id) is unsuccesful the error is reported, the variable c is still NULL and later is dereferenced
in c->remote_id.
Comment 1 Damien Miller 2010-11-24 10:09:47 AEDT
Created attachment 1962 [details]
Patch solving the problem

Yes, that is a bug.
Comment 2 Damien Miller 2010-11-24 10:57:42 AEDT
Patch applied - this will be in OpenSSH 5.7
Comment 3 Damien Miller 2011-01-24 12:33:45 AEDT
Move resolved bugs to CLOSED after 5.7 release