CVS commit: src/crypto/external/bsd/openssh/dist

To: source-changes%NetBSD.org@localhost
Subject: CVS commit: src/crypto/external/bsd/openssh/dist
From: "S.P.Zeidler" <spz%netbsd.org@localhost>
Date: Sun, 15 Dec 2013 10:42:52 +0000

Module Name:    src
Committed By:   spz
Date:           Sun Dec 15 10:42:52 UTC 2013

Modified Files:
        src/crypto/external/bsd/openssh/dist: servconf.c

Log Message:
Coverity issues 996120 and 996121, Use after free

Use the M_CP_STROPT definition exclusive to servconf.c twice and
you have freed your original string.

servconf.h won copying authorized_keys_command and
authorized_keys_command_user in COPY_MATCH_STRING_OPTS in 1.107,
but servconf.c didn't drop its own, so it walks into this trap.
Remove the duplicate copies, and disarm the trap.

Note this is on a code path where authorized_keys_command and
authorized_keys_command_user don't actually get used except
for a debug dump of the config, and dump_cfg_string protects
itself against trying to print NULL pointers, so all
you get is sshd -T -C ... giving wrong results, which is rather
insignificant as far as security issues go.


To generate a diff of this commit:
cvs rdiff -u -r1.13 -r1.14 src/crypto/external/bsd/openssh/dist/servconf.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: src/sys/dev/usb
Next by Date: CVS commit: src/sys/dev/ic
Previous by Thread: CVS commit: src/sys/dev/usb
Next by Thread: CVS commit: src/sys/dev/ic
Indexes:

Home | Main Index | Thread Index | Old Index