Date: Mon, 2 Nov 1998 00:13:23 -0500 (EST)
From: "Matthew N. Dodd" <winter@jurai.net>
To: Peter Jeremy <peter.jeremy@auss2.alcatel.com.au>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: SSH vsprintf patch. (You've been warned Mr. Glass)
Message-ID: <Pine.BSF.4.02.9811012348160.17054-100000@sasami.jurai.net>
In-Reply-To: <98Nov2.132551est.40330@border.alcanet.com.au>

On Mon, 2 Nov 1998, Peter Jeremy wrote:
> ssh also contains a large number of sprintf() calls.  Not all of these
> are immediately innocuous.  There are also 2 sscanf() calls with %s
> formats which could be dangerous.  Not to mention the str[n]cat() and
> str[n]cpy() calls.  Unfortunately I have another bushfire to worry
> about right now, or I'd check through them as well.

ftp.jurai.net:/users/winter/
	ssh1226.sprintf.patch
	ssh1226.vsprintf.patch

> The problem with C is that there are too many ways to shoot yourself
> in the foot...  A full security audit on ssh (which it sounds like it
> might need) would be fairly time-consuming.

Indeed.  My approach was (is) to address the easy things that could be
broken.  I'll probably work on sscanf issues next unless someone beats me
to it.

Going through the code and fixing improper logic I'll leave to someone
with more of a burr up their ass. :)

-- 
| Matthew N. Dodd  | 78 280Z | 75 164E | 84 245DL | FreeBSD/NetBSD/Sprite/VMS |
| winter@jurai.net |      This Space For Rent     | ix86,sparc,m68k,pmax,vax  |
| http://www.jurai.net/~winter | Are you k-rad elite enough for my webpage? |

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
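
Added example, not part of the original message and not taken from the patches it names: bounded forms of the sprintf() and sscanf() %s calls discussed above. The function names, the 15-byte field limit and the sample inputs are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define FIELD_LEN 15   /* assumed limit; must match the %15s widths below */

/* Bounded replacement for sprintf(dst, "%s@%s", ...).
 * snprintf() returns the length it needed, so truncation is detectable. */
int format_banner(char *dst, size_t dstlen, const char *user, const char *host)
{
    int n = snprintf(dst, dstlen, "%s@%s", user, host);
    return (n < 0 || (size_t)n >= dstlen) ? -1 : 0;
}

/* Bounded replacement for sscanf(line, "%s %s", ...).
 * The field width caps the bytes stored (width + 1 for the NUL), and %n
 * records where each token stopped, so an over-long token is rejected
 * instead of being silently split into the next field.
 * Returns 0 on success, -1 on short input or an over-long token. */
int parse_user_host(const char *line, char user[FIELD_LEN + 1],
                    char host[FIELD_LEN + 1])
{
    int n1 = 0, n2 = 0;

    if (sscanf(line, "%15s%n %15s%n", user, &n1, host, &n2) != 2)
        return -1;
    if (!isspace((unsigned char)line[n1]))      /* user token was cut short */
        return -1;
    if (line[n2] != '\0' && !isspace((unsigned char)line[n2]))
        return -1;                              /* host token was cut short */
    return 0;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *ok = "alice example.org";
    const char *too_long = "aaaaaaaaaaaaaaaaaaaa host";
    char user[FIELD_LEN + 1], host[FIELD_LEN + 1], out[2 * FIELD_LEN + 2];

    if (parse_user_host(ok, user, host) == 0 &&
        format_banner(out, sizeof out, user, host) == 0)
        printf("accepted: %s\n", out);
    if (parse_user_host(too_long, user, host) != 0)
        printf("rejected over-long token\n");
    return 0;
}
```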