Author: des
Date: Tue Nov 19 09:35:20 2013
New Revision: 258335
URL: http://svnweb.freebsd.org/changeset/base/258335

Log:
  Pre-zero the MAC context.
  
  Security:     CVE-2013-4548
  Security:     FreeBSD-SA-13:14.openssh
  Approved by:  re (implicit)

Modified:
  stable/10/crypto/openssh/monitor_wrap.c

Modified: stable/10/crypto/openssh/monitor_wrap.c
==============================================================================
--- stable/10/crypto/openssh/monitor_wrap.c     Tue Nov 19 01:07:25 2013        
(r258334)
+++ stable/10/crypto/openssh/monitor_wrap.c     Tue Nov 19 09:35:20 2013        
(r258335)
@@ -482,7 +482,7 @@ mm_newkeys_from_blob(u_char *blob, int b
        buffer_init(&b);
        buffer_append(&b, blob, blen);
 
-       newkey = xmalloc(sizeof(*newkey));
+       newkey = xcalloc(1, sizeof(*newkey));
        enc = &newkey->enc;
        mac = &newkey->mac;
        comp = &newkey->comp;
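Review bot: the `xcalloc(1, sizeof(*newkey))` line has no comment saying why the allocation must be zeroed, and nothing in the visible context ties it to the MAC context named in the log. Because `enc`, `mac` and `comp` all point into this one allocation, any member the code below does not assign now depends on that zero fill, so a later cleanup back to `xmalloc` would silently reintroduce uninitialized fields. Suggest a one-line comment above the allocation stating that `newkey->mac` (and the rest of the struct) must start zeroed, with a reference to CVE-2013-4548.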
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
