NFR Wizards Archives: Re: SSH nonstandard port / redirection.

Re: SSH nonstandard port / redirection.


Dug Song (dugsong@monkey.org)
Thu, 18 Nov 1999 11:54:56 -0500 (EST)


On 18 Nov 1999, Lorens Kockum wrote:

> Wanna bugfix fast :-(

You may be interested in OpenSSH, the open-source version of SSH included
in OpenBSD-2.6:

        http://www.openssh.com/

OpenSSH never had ssh-1.2.27's RSAREF bug, because in the course of the
code audit, all unfriendly code (non-POSIX, patented crypto, etc.) was
ripped out. The source is roughly half the size of the ssh-1.2.27
distribution, and is freely available under a BSD-style license - unlike
ssh-1.2.27 (which is only for non-commercial use).

If you must use ssh-1.2.27, there are several patches floating around for
it, including one in the OpenBSD /usr/ports/security/ssh third-party port.
See the message attachment.

-d.

---
http://www.monkey.org/~dugsong/

--- rsaglue.c.orig Wed May 12 07:19:28 1999 +++ rsaglue.c Wed Nov 10 09:30:32 1999 -139,6 +139,10 input_bits = mpz_sizeinbase(input, 2); input_len = (input_bits + 7) / 8; + if (input_len > sizeof(input_data)) + fatal("Attempted to encrypt a block too large (%d bytes, %d max).", + input_len, sizeof(input_data)); + gmp_to_rsaref(input_data, input_len, input); rsaref_public_key(&public_key, key); -172,6 +176,10 input_bits = mpz_sizeinbase(input, 2); input_len = (input_bits + 7) / 8; + if (input_len > sizeof(input_data)) + fatal("Received session key too long (%d bytes, %d max).", + input_len, sizeof(input_data)); + gmp_to_rsaref(input_data, input_len, input); rsaref_private_key(&private_key, key);
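Review bot: In the first hunk (the encrypt path at rsaglue.c line 139, the "Attempted to encrypt a block too large" check), the format string passes sizeof(input_data) to a %d conversion, but sizeof yields a size_t; wherever size_t is wider than int the argument width handed to fatal() is wrong. Cast it, e.g. `input_len, (int) sizeof(input_data));`, or use %lu with an unsigned long cast; the same applies to the identical format string in the second hunk. The bound itself is correct: input_len is (input_bits + 7) / 8, i.e. the value rounded up to whole bytes, so comparing with `>` rather than `>=` still allows an input that exactly fills input_data, and the fatal() fires before gmp_to_rsaref() copies anything.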
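Review bot: In the second hunk (the decrypt path at rsaglue.c line 176, the "Received session key too long" check), the length test is duplicated verbatim at the call site rather than placed in gmp_to_rsaref(), which is handed input_data and input_len but never the capacity of the destination buffer and so cannot protect itself; any other caller that converts an mpz into a fixed-size array stays unguarded. Consider adding a buffer-size parameter to gmp_to_rsaref() and doing the comparison once inside it, keeping the per-call-site messages only as the user-facing diagnostic. This is the hunk that matters on a server, since the value being converted here arrives from the peer; without the check an oversized session key becomes a write past the end of input_data instead of a clean fatal(), so a regression test that sends a session key longer than sizeof(input_data) bytes would be worth adding alongside the patch.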



This archive was generated by hypermail 2.0b3 on Mon Nov 22 1999 - 17:56:13 CST