Subject: Re: [PINE-CERT-20020301] OpenSSH off-by-one
To: <>
From: Dave Huang <>
List: netbsd-users
Date: 03/07/2002 22:04:04
On Thu, 7 Mar 2002, Brian A. Seklecki wrote:
> It just got commited (i imagine the 1-5 branch will be brought up, too).
> I imagine this warrants a security advisory?

I just cvs'd -current and tried to compile, and it's bombing out in the
sftp directory:

/usr/tools/bin/alpha--netbsd-gcc -O2 -pipe -mcpu=ev56 -Wall -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Wno-uninitialized  -Werror  -I/usr/src.local/usr.bin/ssh/sftp/../../../crypto/dist/ssh -DHAVE_LOGIN_CAP -nostdinc -isystem /usr/include  -c /usr/src.local/usr.bin/ssh/sftp/../../../crypto/dist/ssh/sftp-client.c
cc1: warnings being treated as errors
/usr/src.local/usr.bin/ssh/sftp/../../../crypto/dist/ssh/sftp-client.c: In function `do_download':
/usr/src.local/usr.bin/ssh/sftp/../../../crypto/dist/ssh/sftp-client.c:821: warning: long long unsigned int format, u_int64_t arg (arg 2)
[ a couple more format warnings ]

This is on an alpha... 64-bit issues, I assume.
Name: Dave Huang         |  Mammal, mammal / their names are called /
INet: |  they raise a paw / the bat, the cat /
FurryMUCK: Dahan         |  dolphin and dog / koala bear and hog -- TMBG
Dahan: Hani G Y+C 26 Y++ L+++ W- C++ T++ A+ E+ S++ V++ F- Q+++ P+ B+ PA+ PL++