https://bugzilla.mindrot.org/show_bug.cgi?id=1913
Summary: wrong type for version in sftp-server.c
Product: Portable OpenSSH
Version: 5.8p2
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: sftp
AssignedTo: [email protected]
ReportedBy: [email protected]

The type of version is defined as (line 71, file: sftp-server.c):
    int version;
but it should be defined as
    u_int32_t version;
Why is this important?
A client is submitting a value >= 2^31 in the client version (which is
okay according to the RFC). The code, however, interprets such a value as
a signed int, and version checks such as the following will fail as a
result:
line 417
    if (version >= 3) {
        buffer_put_cstring(&msg, status_to_message(status));
        buffer_put_cstring(&msg, "");
    }
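The effect described in the report, as an added example that is not part of the original report and not OpenSSH's code: the same 4-byte wire version is run through the `version >= 3` check once as an `int` and once as an unsigned 32-bit value, and the resulting status reply body is built. All function names, the request id, the status code and the message text are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Big-endian uint32: wire encoding of the version in the client's init packet. */
static uint32_t get_u32(const unsigned char *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

static size_t put_u32(unsigned char *out, uint32_t v) {
    for (int i = 0; i < 4; i++)
        out[i] = (unsigned char)(v >> (24 - 8 * i));
    return 4;
}

/* Status reply body: id, code, then message and language tag when with_text. */
static size_t status_body(unsigned char *out, int with_text) {
    const char *msg = "Failure";                 /* constructed sample message */
    size_t n = strlen(msg), len = put_u32(out, 1);  /* request id (constructed) */
    len += put_u32(out + len, 4);                /* status code (constructed) */
    if (with_text) {
        len += put_u32(out + len, (uint32_t)n);  /* message: length + bytes */
        memcpy(out + len, msg, n);
        len += n;
        len += put_u32(out + len, 0);            /* empty language tag */
    }
    return len;
}

/* As reported: version in an int. Converting a value >= 2^31 is
 * implementation-defined; on two's-complement targets it becomes negative. */
size_t status_len_signed(const unsigned char *wire, unsigned char *out) {
    int version = (int)get_u32(wire);
    return status_body(out, version >= 3);
}

/* As proposed: version in an unsigned 32-bit type. */
size_t status_len_unsigned(const unsigned char *wire, unsigned char *out) {
    uint32_t version = get_u32(wire);
    return status_body(out, version >= 3);
}

int main(void) {
    unsigned char out[64];
    const unsigned char big[4] = {0x80, 0, 0, 0};   /* constructed: 2^31 */
    printf("int: %zu bytes, u_int32_t: %zu bytes\n",
           status_len_signed(big, out), status_len_unsigned(big, out));
}
```

With the signed type, a client announcing a version of 2^31 or above gets the short reply without the message and language tag strings, the same reply a client announcing a version below 3 would get.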