[Bug 3730] New: Integer overflow when adding 6000 and display_number

bugzilla-daemon Wed, 11 Sep 2024 04:02:03 -0700

https://bugzilla.mindrot.org/show_bug.cgi?id=3730


            Bug ID: 3730
           Summary: Integer overflow when adding 6000 and display_number
           Product: Portable OpenSSH
           Version: 9.8p1
          Hardware: Other
                OS: All
            Status: NEW
          Severity: minor
          Priority: P5
         Component: Build system
          Assignee: [email protected]
          Reporter: [email protected]

File:
https://github.com/openssh/openssh-portable/blob/master/channels.c
Line: 5239

There is virtually no chance of integer overflow when adding 6000 to
display_number. The display_number variable is read from a string
containing the value of the DISPLAY environment variable, which
typically points to an X server on the system. The variable is of type
unsigned int, which limits its range of values to 0 to UINT_MAX. In
theory, for overflow to occur, display_number must be large enough that
the sum exceeds the maximum value for unsigned int.

The following check can be added to rule out the possibility of integer
overflow:

if (display_number > UINT_MAX - 6000) {
error("display_number too large, possible integer overflow.");
return -1;
}

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
[email protected]
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 3730] New: Integer overflow when adding 6000 and display_number

Reply via email to