[5194] in bugtraq


Re: More ssh fun (sshd this time)

daemon@ATHENA.MIT.EDU (Solar Designer)
Wed Aug 27 02:14:06 1997

Date: 	Wed, 27 Aug 1997 05:48:44 -0300
Reply-To: Solar Designer <solar@FALSE.COM>
From: Solar Designer <solar@FALSE.COM>
X-To:         shadows@whitefang.com
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <Pine.BSF.3.95q.970823153041.10128R-100000@whatever.kuwait.net>
              from "Thamer Al-Herbish" at Aug 23, 97 03:31:26 pm

Hello!

> +   if (port > 65535)
> +     packet_disconnect("Requested port is %d is invalid",port);
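
Review bot: the condition on the first added line has only an upper bound, and the %d used in the message on the next line implies port is a signed int, so a negative value is not rejected here. Suggest bounding both ends, e.g. if (port < 0 || port > 65535), or converting port to an unsigned type before the comparison. The message text also has a stray "is": "Requested port is %d is invalid" would read better as "Requested port %d is invalid".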

This still doesn't fix the problem since port is defined as a signed int,
and negative values will pass your check. Of course, their lower 16 bits
may represent a privileged port number.

BTW, it looks like integer overflows and negative number problems are quite
common: sshd, Linux setrlimit(), Linux sysctl() -- any more coming soon? ;)

Signed,
Solar Designer
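
The point made in the reply above, as an added example (not code from sshd or from the original post): an upper-bound-only check on a signed int lets negative values through, and their low 16 bits can land on a privileged port. The function names and sample values are constructed for illustration, and rejecting port 0 in the strict check is an assumption.

```c
#include <stdint.h>
#include <stdio.h>

/* The check from the quoted patch: only an upper bound on a signed int. */
static int patched_check_accepts(int port)
{
    return !(port > 65535);
}

/* Two-sided range check; rejecting port 0 as well is an assumption. */
static int strict_check_accepts(int port)
{
    return port >= 1 && port <= 65535;
}

/* What a 16-bit port field ends up holding once the int is truncated,
 * as happens when the value is stored in a sockaddr port field. */
static unsigned int effective_port(int port)
{
    return (uint16_t)port;
}

int main(void)
{
    /* Constructed sample values, not taken from the post. */
    int samples[] = { 8080, 65536, -65514, -1 };

    puts("  value  patched  strict  low16");
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int p = samples[i];
        printf("%7d  %7d  %6d  %5u\n", p,
               patched_check_accepts(p),
               strict_check_accepts(p),
               effective_port(p));
    }
    return 0;
}
```

The row for -65514 shows the failure mode: the patched check accepts it, while the truncated value is a port below 1024.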
