Bug 2460 - Non-zero return values are not properly returned from openssh_RSA_verify
Summary: Non-zero return values are not properly returned from openssh_RSA_verify
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: sshd (show other bugs)
Version: 7.1p1
Hardware: All All
: P5 normal
Assignee: Assigned to nobody
URL:
Keywords:
Depends on:
Blocks: V_7_2
  Show dependency treegraph
 
Reported: 2015-09-09 07:19 AEST by Basil Crow
Modified: 2016-08-02 10:41 AEST (History)
1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Basil Crow 2015-09-09 07:19:03 AEST 
openssh_RSA_verify in ssh-rsa.c defines ret to be of type size_t, which is unsigned. It then assigns signed values such as SSH_ERR_INTERNAL_ERROR (-1) to ret. Finally, it returns ret (a size_t), while the method signature of openssh_RSA_verify is defined as returning type int. The method works as intended to some degree, in that on success it returns 0 and on failure it returns non-zero. But if one were to try to do something with the return value on failure, one would find it to be garbage. The same goes for trying to observe the return value with a debugger. This problem could easily be fixed by declaring ret to be of type int.
Comment 1 Damien Miller 2015-09-09 10:53:21 AEST 
Fixed - thanks.
Comment 2 Damien Miller 2016-08-02 10:41:24 AEST 
Close all resolved bugs after 7.3p1 release