Bug 2170 - Potential integer overflow
Summary: Potential integer overflow
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: sshd (show other bugs)
Version: -current
Hardware: Other Linux
: P5 enhancement
Assignee: Assigned to nobody
URL:
Keywords:
Depends on:
Blocks: V_6_5
  Show dependency treegraph
 
Reported: 2013-11-12 15:08 AEDT by Loganaden Velvindron
Modified: 2016-08-02 10:42 AEST (History)
1 user (show)

See Also:


Attachments
potential_overflow_fix (638 bytes, text/plain)
2013-11-12 15:08 AEDT, Loganaden Velvindron
dtucker: ok+
Details
improve diff (switch 1000 to ULL) (738 bytes, text/plain)
2013-12-02 07:18 AEDT, Loganaden Velvindron
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Loganaden Velvindron 2013-11-12 15:08:46 AEDT
Created attachment 2373 [details]
potential_overflow_fix

in serverloop.c:

	max_time_milliseconds = options.client_alive_interval * 1000;

client_alive_interval is declare as int.

        int     client_alive_interval;  /*
                                         * poke the client this often to
                                         * see if it's still there

max_time_milliseconds is declared as u_int64_t.

Can this potentially result in an overflow due to multiplication ?
Comment 1 Darren Tucker 2013-11-13 06:57:18 AEDT
looks reasonable, add to the list for 6.5
Comment 2 Loganaden Velvindron 2013-12-02 07:18:50 AEDT
Created attachment 2379 [details]
improve diff (switch 1000 to ULL)

switch 1000 from integer to unsigned long long.
Comment 3 Loganaden Velvindron 2013-12-09 00:18:36 AEDT
ping :-) ?

Any feedback on the 1 line diff :-) ?
Comment 4 Darren Tucker 2013-12-19 11:19:58 AEDT
Damien and I ended up having a bikeshed discussion on this :-)

I think casting the second argument is unnecessary since it'll get promoted to unsigned long long anyway.

First patch applied, it'll be in the next release.

Thanks.
Comment 5 Loganaden Velvindron 2013-12-19 15:26:04 AEDT
(In reply to Darren Tucker from comment #4)
> Damien and I ended up having a bikeshed discussion on this :-)
> 
> I think casting the second argument is unnecessary since it'll get
> promoted to unsigned long long anyway.
> 
> First patch applied, it'll be in the next release.
> 
> Thanks.

Thank you very much !
Comment 6 Damien Miller 2016-08-02 10:42:03 AEST
Close all resolved bugs after 7.3p1 release