Fix an input validation error that can result in an integer overflow
and privilege escalation.
Apply by doing:
cd /usr/src
patch -p0 < 006_sshpreauth.patch
cd usr.bin/ssh
make obj
make cleandir
make depend
make && make install
Index: auth2-chall.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/auth2-chall.c,v
retrieving revision 1.18
diff -u -r1.18 auth2-chall.c
--- usr.bin/ssh/auth2-chall.c 19 Jun 2002 00:27:55 -0000 1.18
+++ usr.bin/ssh/auth2-chall.c 26 Jun 2002 09:37:03 -0000
@@ -256,6 +256,8 @@
authctxt->postponed = 0; /* reset */
nresp = packet_get_int();
+ if (nresp > 100)
+ fatal("input_userauth_info_response: nresp too big %u", nresp);
if (nresp > 0) {
response = xmalloc(nresp * sizeof(char*));
for (i = 0; i < nresp; i++)
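Review bot: The limit in the added `if (nresp > 100)` is a bare literal, and nothing says that it is there to keep `nresp * sizeof(char*)` in the `xmalloc` call two lines below from wrapping on a peer-supplied count. I would name the limit and add a comment such as `/* bound peer-supplied count before it sizes the allocation */`. The cap is arbitrary with respect to the protocol exchange: if the number of prompts the server sent is available here, rejecting any `nresp` that differs from it would be the tighter check. The declaration of `nresp` is outside the hunk, so confirm it is unsigned to match the `%u` in the `fatal` message. The enclosing function starts and ends outside the hunk.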