From: John Baldwin
To: Cy Schubert - ITSD Open Systems Group
Cc: freebsd-security@FreeBSD.org
Subject: RE: OpenSSH Security Advisory (adv.option) (fwd)
Date: Wed, 26 Sep 2001 15:35:24 -0700 (PDT)
In-Reply-To: <200109262227.f8QMR6G33342@cwsys.cwsent.com>

On 26-Sep-01 Cy Schubert - ITSD Open Systems Group wrote:
> A weakness in OpenSSH's source IP based access control has been
> discovered.

Looks like your mailer mungled the patch by appending extra '- ' to the deletion lines. It would be "fixed" below except that my mailer has the braindead "feature" of converting tabs to spaces w/o any way to disable it that I can find.

Index: key.c =================================================================== RCS file: /cvs/src/usr.bin/ssh/key.c,v retrieving revision 1.31 retrieving revision 1.32 diff -u -p -IRCSID -r1.31 -r1.32 --- key.c 2001/09/17 20:50:22 1.31 +++ key.c 2001/09/19 13:23:29 1.32 @@ -358,7 +358,7 @@ write_bignum(FILE *f, BIGNUM *num) return 1; } -/* returns 1 ok, -1 error, 0 type mismatch */ +/* returns 1 ok, -1 error */ int key_read(Key *ret, char **cpp) { 
@@ -413,7 +413,7 @@ key_read(Key *ret, char **cpp) } else if (ret->type != type) { /* is a key, but different type */ debug3("key_read: type mismatch"); - return 0; + return -1; } len = 2*strlen(cp); blob = xmalloc(len);

-- 

John Baldwin -- http://www.FreeBSD.org/~jhb/
PGP Key: http://www.baldwin.cx/~john/pgpkey.asc
"Power Users Use the Power to Serve!" - http://www.FreeBSD.org/
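
Review bot: In the first hunk (key.c, the comment above key_read()), the new text `/* returns 1 ok, -1 error */` no longer says what a type mismatch returns. Suggest stating it outright, for instance `/* returns 1 ok, -1 error (including key type mismatch) */`, so that a later reader does not reintroduce a separate return code for that case.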
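
Review bot: In the second hunk (key_read(), the `ret->type != type` branch), replacing `return 0;` with `return -1;` is only safe if every caller treats any result other than 1 as failure, and no call site is touched in this diff. Suggest auditing the callers alongside this change: a check written for the old mismatch code, such as `== 0` or `!key_read(...)`, will no longer fire, and a bare truth test would read -1 as success, so each call site should compare against 1 explicitly (`key_read(...) != 1`). The `debug3("key_read: type mismatch")` line is now the only thing that tells a mismatch apart from a parse error, which is worth keeping in mind when reading logs.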