[19588] in bugtraq
Re: severe error in SSH session key recovery patch
daemon@ATHENA.MIT.EDU (Steve Watt)
Sun Mar 11 13:43:12 2001
Message-ID: <GA0F7r.ru@Watt.COM>
Date: Sun, 11 Mar 2001 01:38:15 GMT
Reply-To: steve@NOSPAM.WATT.COM
From: Steve Watt <steve@NOSPAM.WATT.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In article <982032860-m2n-gw@Watt.COM>,
Kari Hurtta <hurtta+zz@LEIJA.MH.FMI.FI> wrote:
>> {
>>   static time_t last_kill_time = 0;
>>   if (time(NULL) - last_kill_time > 60 && getppid() != 1)
>>   {
>>     last_kill_time = time(NULL);
>>     kill(SIGALRM, getppid());
>>   }
>>   fatal("Bad result from rsa_private_decrypt");
>> }
>>
>
>It is static variable -- not auto variable.
>
>That means that, on second execution of that code block,
There is no second execution of that code block; after the if (time(...
block is done, fatal("Bad result...") gets called. Always. And thus
last_kill_time doesn't get updated in any useful place, since this sshd
ceases to exist.
--
Steve Watt KD6GGD PP-ASEL-IA ICBM: 121W 56' 57.8" / 37N 20' 14.9"
Internet: steve @ Watt.COM Whois: SW32
Free time? There's no such thing. It just comes in varying prices...
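
An added illustration of the point made in the reply above; it is not code from the original post or from the SSH patch. It assumes, as the getppid() call in the quoted block suggests, that the block runs in a forked per-connection child which then exits (here _exit() stands in for fatal()); the function names are hypothetical and no signal is actually sent.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

/* Models the throttle in the quoted block: returns 1 if this process
 * would signal its parent, 0 if the 60-second check suppressed it. */
static int would_signal_parent(void)
{
    static time_t last_kill_time = 0;
    if (time(NULL) - last_kill_time > 60) {
        last_kill_time = time(NULL);
        return 1;
    }
    return 0;
}

/* Fork n children back to back. Each runs the block once and exits,
 * so its update to last_kill_time dies with it.
 * Returns how many children would have signalled, or -1 on error. */
int count_signals_from_children(int n)
{
    int signalled = 0;
    for (int i = 0; i < n; i++) {
        int status;
        pid_t pid = fork();
        if (pid < 0) return -1;
        if (pid == 0) _exit(would_signal_parent()); /* stands in for fatal() */
        if (waitpid(pid, &status, 0) < 0) return -1;
        if (WIFEXITED(status)) signalled += WEXITSTATUS(status);
    }
    return signalled;
}

/* The same check called n times in ONE long-lived process. */
int count_signals_in_one_process(int n)
{
    int signalled = 0;
    for (int i = 0; i < n; i++) signalled += would_signal_parent();
    return signalled;
}

int main(void)
{
    printf("state in exiting children: %d of 5 signal\n", count_signals_from_children(5));
    printf("state in one process:      %d of 5 signal\n", count_signals_in_one_process(5));
    printf("children forked afterwards: %d of 5 signal\n", count_signals_from_children(5));
    return 0;
}
```

The third call returns 0 because the children inherit the timestamp the long-lived parent has already set, which is the only place the throttle state survives between connections.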