[5210] in bugtraq
Re: More ssh fun (sshd this time)
daemon@ATHENA.MIT.EDU (Christopher Craig)
Wed Aug 27 19:55:09 1997
Date: Wed, 27 Aug 1997 11:48:35 -0400
Reply-To: Christopher Craig <ccraig@CC.GATECH.EDU>
From: Christopher Craig <ccraig@CC.GATECH.EDU>
X-To: Solar Designer <solar@FALSE.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: Solar Designer's message of Wed, 27 Aug 1997 05:48:44 -0300
Included From: Solar Designer <solar@FALSE.COM>:
> > + if (port > 65535)
> > + packet_disconnect("Requested port is %d is invalid",port);
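Review bot: the test at "if (port > 65535)" bounds the port only from above, so a negative value in a signed int is not rejected by this hunk; it is left to the later "port < 1024 && !is_root" test, which does not apply when is_root is set. Consider checking both ends in this one test, e.g. "if (port < 0 || port > 65535)". The message string "Requested port is %d is invalid" also has a doubled "is".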
>
> This still doesn't fix the problem since port is defined as a signed int,
> and negative values will pass your check. Of course, their lower 16 bits
> may represent a privileged port number.
>
The lines directly after this in the code are
    if (port < 1024 && !is_root)
      packet_disconnect("Requested forwarding of port %d but user is not root.",
It looks like that should catch negative (as well as privileged)
port numbers, so I don't think the patch really has to fix that
problem at all.
--
Christopher Craig (ccraig@cc.gatech.edu)
"You could shoot Microsoft Office off the planet and this country would
run better. You would see everyone standing around saying, 'I've got
so much time now.' " Scott McNealy (CEO of Sun)
PGP Key Verification: EE B1 F3 A0 3F BC 3C C7 81 61 F1 91 6E 99 13 65
http://www.cc.gatech.edu/people/home/ccraig
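
The two checks discussed in this thread, as an added example (not part of the original messages and not sshd source). It runs the quoted tests and a both-ends range check over constructed port values; the function names, the 16-bit truncation helper and the sample values are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdint.h>

/* Assumed model of the port reaching a 16-bit port field: only the low
   16 bits of the signed int survive the conversion. */
static uint16_t effective_port(int port) { return (uint16_t)port; }

/* The checks as quoted in the thread: the patch's upper bound, then the
   existing privileged-port test. Returns 1 if the request is accepted. */
static int thread_checks_accept(int port, int is_root)
{
    if (port > 65535)
        return 0;
    if (port < 1024 && !is_root)
        return 0;
    return 1;
}

/* Hardened form (an assumption, not the project's fix): validate the
   range at both ends first, then apply the privilege test. */
static int hardened_accept(int port, int is_root)
{
    if (port < 0 || port > 65535)
        return 0;
    if (port < 1024 && !is_root)
        return 0;
    return 1;
}

int main(void)
{
    /* Constructed sample values: valid, too large, and negative. */
    int samples[] = { 22, 8080, 65536 + 22, -65536 + 22, -1 };

    puts("   port  low16  thread(user/root)  hardened(user/root)");
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int p = samples[i];
        printf("%7d  %5u        %d/%d                 %d/%d\n",
               p, (unsigned)effective_port(p),
               thread_checks_accept(p, 0), thread_checks_accept(p, 1),
               hardened_accept(p, 0), hardened_accept(p, 1));
    }
    return 0;
}
```

The negative samples are rejected for a non-root user by the "port < 1024 && !is_root" test, as the reply says, but are accepted by the quoted checks when is_root is set; the both-ends range check rejects them in either case.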