From: Matthew Dillon
Date: Tue, 16 Sep 2003 09:32:01 -0700 (PDT)
To: "Jacques A. Vidrine"
cc: Udo Schweigert
cc: freebsd-security@freebsd.org
Subject: Re: OpenSSH heads-up

:
:On Tue, Sep 16, 2003 at 06:05:43PM +0200, Udo Schweigert wrote:
:> On Tue, Sep 16, 2003 at 08:43:47 -0500, Jacques A. Vidrine wrote:
:> > OK, an official OpenSSH advisory was released, see here:
:> >
:> > The fix is currently in FreeBSD -CURRENT and -STABLE. It will be
:> > applied to the security branches as well today. Attached are patches:
:> >
:> > buffer46.patch -- For FreeBSD 4.6-RELEASE and later
:> > buffer45.patch -- For FreeBSD 4.5-RELEASE and earlier
:> >
:>
:> And what about the port /usr/ports/security/openssh-portable? It should - at
:> least - be fixed for the 4.9-RELEASE.
:
:Ports fixed about 3 hours 27 minutes ago :-)
:
:Cheers,
:--
:Jacques Vidrine . NTT/Verio SME . FreeBSD UNIX . Heimdal
:nectar@celabo.org . jvidrine@verio.net . nectar@freebsd.org . nectar@kth.se

I've been staring at the patch for 30 minutes and I can't figure out
what it is supposed to fix. Is there some other thread or signal or
something that might access the buffer while its length is in an
indeterminate state? The code doesn't seem to be structured for
that case.

-Matt
Matthew Dillon