From owner-freebsd-security Mon Nov 2 11:01:45 1998
Message-Id: <4.1.19981102021507.00c0b200@127.0.0.1>
Date: Mon, 02 Nov 1998 02:15:44 -0700
To: "Matthew N. Dodd", Peter Jeremy
From: Brett Glass
Subject: Re: SSH vsprintf patch. (You've been warned Mr. Glass)
Cc: freebsd-security@FreeBSD.ORG
References: <98Nov2.132551est.40330@border.alcanet.com.au>
Sender: owner-freebsd-security@FreeBSD.ORG

Just tried these. Your sprintf patches are failing for some reason....

--Brett

At 12:13 AM 11/2/98 -0500, Matthew N. Dodd wrote:
>On Mon, 2 Nov 1998, Peter Jeremy wrote:
>> ssh also contains a large number of sprintf() calls. Not all of these
>> are immediately innocuous. There are also 2 sscanf() calls with %s
>> formats which could be dangerous. Not to mention the str[n]cat() and
>> str[n]cpy() calls. Unfortunately I have another bushfire to worry
>> about right now, or I'd check through them as well.
>
>ftp.jurai.net:/users/winter/
>
>  ssh1226.sprintf.patch
>  ssh1226.vsprintf.patch
>
>> The problem with C is that there are too many ways to shoot yourself
>> in the foot... A full security audit on ssh (which it sounds like it
>> might need) would be fairly time-consuming.
>
>Indeed. My approach was (is) to address the easy things that could be
>broken. I'll probably work on sscanf issues next unless someone beats me
>to it. Going through the code and fixing improper logic I'll leave to
>someone with more of a burr up their ass. :)
>
>--
>| Matthew N. Dodd | 78 280Z | 75 164E | 84 245DL | FreeBSD/NetBSD/Sprite/VMS |
>| winter@jurai.net | This Space For Rent | ix86,sparc,m68k,pmax,vax |
>| http://www.jurai.net/~winter | Are you k-rad elite enough for my webpage? |
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-security" in the body of the message
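
The sprintf() and sscanf() %s concerns raised in the quoted message, shown as an added C example; it is not part of this thread and is not taken from ssh or from the patches named above. The names fmt_bounded, parse_user_host and FIELD_MAX are hypothetical, and the inputs in main() are constructed.

```c
#include <ctype.h>
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 15   /* hypothetical limit; must match the %15s widths below */

/* Bounded stand-in for sprintf(): 0 on success, -1 on error or truncation.
 * On truncation dst holds a NUL-terminated prefix of the output. */
int fmt_bounded(char *dst, size_t dstlen, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (dstlen == 0)
        return -1;
    va_start(ap, fmt);
    n = vsnprintf(dst, dstlen, fmt, ap);   /* writes at most dstlen bytes */
    va_end(ap);
    return (n < 0 || (size_t)n >= dstlen) ? -1 : 0;
}

/* Parse "user host" with explicit widths instead of a bare %s.
 * %n records where each token ended, so an over-long token is rejected
 * rather than silently split. Returns 0 on success, -1 otherwise. */
int parse_user_host(const char *line, char user[FIELD_MAX + 1],
                    char host[FIELD_MAX + 1])
{
    int end1 = 0, end2 = 0;

    if (sscanf(line, "%15s%n %15s%n", user, &end1, host, &end2) != 2)
        return -1;
    if (!isspace((unsigned char)line[end1]))   /* first token hit the width */
        return -1;
    if (line[end2] != '\0')                    /* second token too long, or extra input */
        return -1;
    return 0;
}

int main(void)
{
    char buf[8], user[FIELD_MAX + 1], host[FIELD_MAX + 1];

    /* constructed sample inputs */
    printf("fit: %d\n", fmt_bounded(buf, sizeof buf, "%s", "abc"));
    printf("truncated: %d\n", fmt_bounded(buf, sizeof buf, "%s", "0123456789"));
    printf("parse: %d\n", parse_user_host("root example", user, host));
    return 0;
}
```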