1842 – bug in client_input_channel_req causes segmentation violation

Bug 1842 - bug in client_input_channel_req causes segmentation violation

Summary: bug in client_input_channel_req causes segmentation violation

Status:	CLOSED FIXED

Alias:	None

Product:	Portable OpenSSH
Classification:	Unclassified
Component:	ssh (show other bugs)
Version:	5.6p1
Hardware:	All All

Importance:	P2 major
Assignee:	Damien Miller

URL:
Keywords:

Depends on:
Blocks:	V_5_7
	Show dependency tree / graph

Reported:	2010-11-23 05:45 AEDT by jchadima
Modified:	2011-01-24 12:33 AEDT (History)
CC List:	1 user (show)

See Also:

Attachments
Patch solving the problem (544 bytes, patch) 2010-11-24 10:09 AEDT, Damien Miller	dtucker: ok+	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description jchadima 2010-11-23 05:45:47 AEDT

in client_input_channel_req if the channel_lookup(id) is unsuccesful the error is reported, the variable c is still NULL and later is dereferenced
in c->remote_id.

Comment 1 Damien Miller 2010-11-24 10:09:47 AEDT

Created attachment 1962 [details]
Patch solving the problem

Yes, that is a bug.

Comment 2 Damien Miller 2010-11-24 10:57:42 AEDT

Patch applied - this will be in OpenSSH 5.7

Comment 3 Damien Miller 2011-01-24 12:33:45 AEDT

Move resolved bugs to CLOSED after 5.7 release