Date:      Mon, 02 Nov 1998 02:15:44 -0700
From:      Brett Glass <brett@lariat.org>
To:        "Matthew N. Dodd" <winter@jurai.net>, Peter Jeremy <peter.jeremy@auss2.alcatel.com.au>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: SSH vsprintf patch. (You've been warned Mr. Glass)
Message-ID:  <4.1.19981102021507.00c0b200@127.0.0.1>
In-Reply-To: <Pine.BSF.4.02.9811012348160.17054-100000@sasami.jurai.net>
References:  <98Nov2.132551est.40330@border.alcanet.com.au>

Just tried these. Your sprintf patches are failing for some reason....

--Brett


At 12:13 AM 11/2/98 -0500, Matthew N. Dodd wrote:
 
>On Mon, 2 Nov 1998, Peter Jeremy wrote:
>> ssh also contains a large number of sprintf() calls.  Not all of these
>> are immediately innocuous.  There are also 2 sscanf() calls with %s
>> formats which could be dangerous.  Not to mention the str[n]cat() and
>> str[n]cpy() calls.  Unfortunately I have another bushfire to worry
>> about right now, or I'd check through them as well.
>
>ftp.jurai.net:/users/winter/
>
>	ssh1226.sprintf.patch
>	ssh1226.vsprintf.patch
>
>> The problem with C is that there are too many ways to shoot yourself
>> in the foot...  A full security audit on ssh (which it sounds like it
>> might need) would be fairly time-consuming.
>
>Indeed.  My approach was (is) to address the easy things that could be
>broken.  I'll probably work on sscanf issues next unless someone beats me
>to it.  Going through the code and fixing improper logic I'll leave to
>someone with more of a burr up their ass. :)
>
>-- 
>| Matthew N. Dodd  | 78 280Z | 75 164E | 84 245DL | FreeBSD/NetBSD/Sprite/VMS |
>| winter@jurai.net |      This Space For Rent     | ix86,sparc,m68k,pmax,vax  |
>| http://www.jurai.net/~winter | Are you k-rad elite enough for my webpage?   |
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-security" in the body of the message


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
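The two patterns Peter Jeremy flags above (unbounded sprintf() and sscanf() with a bare "%s") and their bounded replacements, as an added example that is not code from this thread or from ssh; the helper names, buffer sizes and input line are constructed for illustration.

```c
/* Added example, not from the thread or the ssh source. Shows the bounded
 * forms of the sprintf()/sscanf("%s") calls discussed in the thread:
 * a width-limited "%Ns" and an snprintf() whose return value is checked. */
#include <stdio.h>
#include <string.h>

#define HOSTLEN 16   /* constructed buffer size; the "%15s" width below must be HOSTLEN-1 */

/* sscanf("%s") writes as many bytes as the input token has, regardless of
 * the destination size. "%15s" caps the copy at 15 chars plus the NUL,
 * so an over-long token is truncated instead of overflowing host[].
 * Returns 1 if a host token was parsed, 0 otherwise. */
int parse_host_bounded(const char *line, char host[HOSTLEN])
{
    host[0] = '\0';
    return sscanf(line, "%15s", host) == 1;
}

/* sprintf() has no notion of the destination size. snprintf() stops at
 * outlen-1 chars and returns the length the full result would have had, so
 * a return value >= outlen means the output was truncated (not overflowed).
 * Returns 0 on success, -1 if the formatted string did not fit. */
int format_banner(char *out, size_t outlen, const char *user, const char *host)
{
    int n = snprintf(out, outlen, "%s@%s", user, host);
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    return 0;
}

int main(void)
{
    char host[HOSTLEN];
    char banner[32];
    /* constructed input: a token longer than HOSTLEN */
    const char *long_line = "thisisaveryveryverylonghostname extra";

    parse_host_bounded(long_line, host);
    printf("host=%s (len %zu)\n", host, strlen(host));

    if (format_banner(banner, sizeof banner, "winter", host) == 0)
        printf("%s\n", banner);
    else
        printf("banner did not fit, truncated\n");
    return 0;
}
```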