DragonFly commits List (threaded) for 2003-09
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]

Re: cvs commit: src/crypto/openssh buffer.c

From:	rivo nurges <rix@xxxxxxxxx>
Date:	Tue, 16 Sep 2003 16:21:32 +0000

On Tue, Sep 16, 2003 at 09:28:15AM -0700, Matthew Dillon wrote:
>     Beat me to it.  I'm still trying to figure out what the 
>     security hole is, though.  Can another thread access the
>     buffer while it is being expanded?  I have no idea.

I'm not specialist but for me it seems that buffer->alloc get's 
new value before xrealloc() and if (buffer->alloc > 0xa00000) is 
between them not before buffer->alloc += len + 32768;

-- 
rix
http://www.ripe.net/perl/whois?rix@xxxxxxxxx

References:
- cvs commit: src/crypto/openssh buffer.c
  - From: David Rhodus
- Re: cvs commit: src/crypto/openssh buffer.c
  - From: Matthew Dillon

[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]