diff options
Diffstat (limited to 'ChangeLog')
| -rw-r--r-- | ChangeLog | 14 |
1 files changed, 14 insertions, 0 deletions
| @@ -11,6 +11,20 @@ | |||
| 11 | - djm@cvs.openbsd.org 2010/08/16 04:06:06 | 11 | - djm@cvs.openbsd.org 2010/08/16 04:06:06 |
| 12 | [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c] | 12 | [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c] |
| 13 | backout previous temporarily; discussed with deraadt@ | 13 | backout previous temporarily; discussed with deraadt@ |
| 14 | - djm@cvs.openbsd.org 2010/08/31 09:58:37 | ||
| 15 | [auth-options.c auth1.c auth2.c bufaux.c buffer.h kex.c key.c packet.c] | ||
| 16 | [packet.h ssh-dss.c ssh-rsa.c] | ||
| 17 | Add buffer_get_cstring() and related functions that verify that the | ||
| 18 | string extracted from the buffer contains no embedded \0 characters* | ||
| 19 | This prevents random (possibly malicious) crap from being appended to | ||
| 20 | strings where it would not be noticed if the string is used with | ||
| 21 | a string(3) function. | ||
| 22 | |||
| 23 | Use the new API in a few sensitive places. | ||
| 24 | |||
| 25 | * actually, we allow a single one at the end of the string for now because | ||
| 26 | we don't know how many deployed implementations get this wrong, but don't | ||
| 27 | count on this to remain indefinitely. | ||
| 14 | 28 | ||
| 15 | 20100827 | 29 | 20100827 |
| 16 | - (dtucker) [contrib/redhat/sshd.init] Bug #1810: initlog is deprecated, | 30 | - (dtucker) [contrib/redhat/sshd.init] Bug #1810: initlog is deprecated, |