Source-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: CVS commit: src/crypto/dist/ssh



>> Modified Files:
>>      src/crypto/dist/ssh: buffer.c
>> 
>> Log Message:
>> Do not record expanded size before attempting to reallocate the associated
>> memory. From OpenBSD, via FreeBSD.

>What difference does this patch make? I just do not see it.

Just looking at buffer.c, yes the patch looks pointless.
Though, just looking at buffer.c you'd also call the xrealloc use
a bug.

Anyway, the problem is that fatal() can call a bunch of cleanup routines
one of which may process buffer which before this patch could be 
claiming to be bigger than it is.  It may not be exploitable (or it may)
but its better to fix.  Of course one could argue that fatal()
should do little more than print an error and die.

--sjg




Home | Main Index | Thread Index | Old Index