Commit 68b8e6cf authored by deuce's avatar deuce

Fix buffer overflow (in buffer variable even!) detected by FORTIFY_SOURCE

and reported by wkitty42... you can turn ssh back on now. :D
parent 6370a9a0
--- session/ssh2_crypt.c.orig 2019-01-21 16:56:04.000000000 -0500
+++ session/ssh2_crypt.c 2020-02-14 02:36:21.428805000 -0500
+++ session/ssh2_crypt.c 2020-02-14 14:15:11.144585000 -0500
@@ -55,12 +55,12 @@
/* Walk along the counter incrementing each byte if required */
LOOP_MED( i = blockSize - 1, i >= 0, i-- )
......@@ -13,5 +13,14 @@
- ENSURES( ctrMSB != 0 || ctrMSBnext != ctrPtr[ blockSize - 2 ] );
+ ENSURES( (ctrPtr[ blockSize - 1 ] != 0 || ctrMSBnext != ctrPtr[ blockSize - 2 ]) );
return( CRYPT_OK );
}
@@ -388,7 +388,7 @@
memcpy( sshInfo->writeCTR, buffer, sessionInfoPtr->cryptBlocksize );
else
memcpy( sshInfo->readCTR, buffer, sessionInfoPtr->cryptBlocksize );
- zeroise( buffer, CRYPT_MAX_KEYSIZE );
+ zeroise( buffer, CRYPT_MAX_HASHSIZE );
return( CRYPT_OK );
}
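Review bot: The corrected wipe in the `@@ -388,7 +388,7 @@` hunk still hard-codes its length as `CRYPT_MAX_HASHSIZE`, so it can drift from the declaration of `buffer` again; per the commit message, that mismatch is what let the old `CRYPT_MAX_KEYSIZE` overrun it. The declaration and the start of the enclosing function are outside the hunk. If `buffer` is a local array there, `zeroise( buffer, sizeof( buffer ) );` ties the length to the object itself. It would also be worth confirming in the part of the function not shown that `sessionInfoPtr->cryptBlocksize` can never exceed the size of `buffer`, since both `memcpy` calls read that many bytes from it.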