- markus@cvs.openbsd.org 2006/09/19 21:14:08
[packet.c]
client NULL deref on protocol error; Tavis Ormandy, Google Security Team
diff --git a/ChangeLog b/ChangeLog
index 0373fe1..704668e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,6 +5,9 @@
Use S_IS* macros insted of masking with S_IF* flags. The latter may
have multiple bits set, which lead to surprising results. Spotted by
Paul Stoeber, more to come. ok millert@ pedro@ jaredy@ djm@
+ - markus@cvs.openbsd.org 2006/09/19 21:14:08
+ [packet.c]
+ client NULL deref on protocol error; Tavis Ormandy, Google Security Team
20060918
- (dtucker) [configure.ac] On AIX, check to see if the compiler will allow
@@ -5465,4 +5468,4 @@
- (djm) Trim deprecated options from INSTALL. Mention UsePAM
- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
-$Id: ChangeLog,v 1.4553 2006/09/21 02:59:33 dtucker Exp $
+$Id: ChangeLog,v 1.4554 2006/09/21 03:00:25 dtucker Exp $
diff --git a/packet.c b/packet.c
index da843b2..6d58ebc 100644
--- a/packet.c
+++ b/packet.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.c,v 1.144 2006/09/16 19:53:37 djm Exp $ */
+/* $OpenBSD: packet.c,v 1.145 2006/09/19 21:14:08 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -691,6 +691,9 @@
*/
after_authentication = 1;
for (mode = 0; mode < MODE_MAX; mode++) {
+ /* protocol error: USERAUTH_SUCCESS received before NEWKEYS */
+ if (newkeys[mode] == NULL)
+ continue;
comp = &newkeys[mode]->comp;
if (comp && !comp->enabled && comp->type == COMP_DELAYED) {
packet_init_compression();