Subject: Re: [PATCH][WIP][v2] Fix out-of-buffer-boundary reads (Was: [SECURITY ADVISORY] Truncated Diffie-Hellman secret length)

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Sun, 27 Mar 2016 23:20:45 +0200 (CEST)

On Sun, 27 Mar 2016, Yuriy M. Kaminskiy wrote:

> Ping? I'd like to stress that this issue has security implications. At the very
> least, DoS (and this is not a standalone application, so it is not a minor
> issue), and maybe host memory exposure too. (However, it is only heap
> over-reads, without heap/stack over-writes, so no risk of escalating to
> remote code execution).

I can only agree that we need cleanups and fixes to make the code less
trusting of remote packets.

It'd be easier if you'd break up your patch into smaller chunks so that they are
easier to review and merge step by step, and I would also appreciate it if you'd
add comments or use defines when you use magic constants in the code to aid
reviewers and future readers of the code to realize where the numbers come
from.

-- 
  / daniel.haxx.se
Received on 2016-03-27