Diffstat (limited to 'ChangeLog')
-rw-r--r-- | ChangeLog | 14 |
1 files changed, 14 insertions, 0 deletions
@@ -11,6 +11,20 @@ | |||
11 | - djm@cvs.openbsd.org 2010/08/16 04:06:06 | 11 | - djm@cvs.openbsd.org 2010/08/16 04:06:06 |
12 | [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c] | 12 | [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c] |
13 | backout previous temporarily; discussed with deraadt@ | 13 | backout previous temporarily; discussed with deraadt@ |
14 | - djm@cvs.openbsd.org 2010/08/31 09:58:37 | ||
15 | [auth-options.c auth1.c auth2.c bufaux.c buffer.h kex.c key.c packet.c] | ||
16 | [packet.h ssh-dss.c ssh-rsa.c] | ||
17 | Add buffer_get_cstring() and related functions that verify that the | ||
18 | string extracted from the buffer contains no embedded \0 characters* | ||
19 | This prevents random (possibly malicious) crap from being appended to | ||
20 | strings where it would not be noticed if the string is used with | ||
21 | a string(3) function. | ||
22 | |||
23 | Use the new API in a few sensitive places. | ||
24 | |||
25 | * actually, we allow a single one at the end of the string for now because | ||
26 | we don't know how many deployed implementations get this wrong, but don't | ||
27 | count on this to remain indefinitely. | ||
14 | 28 | ||
15 | 20100827 | 29 | 20100827 |
16 | - (dtucker) [contrib/redhat/sshd.init] Bug #1810: initlog is deprecated, | 30 | - (dtucker) [contrib/redhat/sshd.init] Bug #1810: initlog is deprecated, |
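Review bot: The "Use the new API in a few sensitive places" line in the new 2010/08/31 entry does not say which of the listed files are call sites converted to buffer_get_cstring() and which only carry the new functions, so someone auditing string handling cannot tell from the ChangeLog which parsing paths now reject embedded \0 characters; naming the converted call sites, or at least splitting the file list into API and users, would fix that. The footnote allowing a single trailing \0 would also read better attached directly to the function description, with a pointer to where the tolerance lives, since the entry itself says it should not be counted on to remain and whoever removes it later will need to find it.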