[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Problem in ssh_message_global_request_reply_success (server.c)


Hi guys,

we've found a problem with return code of ssh_buffer_pack in ssh_message_global_request_reply_success (module server.c, version 0.7.0 and 0.7.1).

This function is the only one in this module, where the return code (rc) of ssh_buffer_pack is checked against SSH_ERROR, but it must be checked against SSH_OK. I've marked the line 749 in the code below.



int ssh_message_global_request_reply_success(ssh_message msg, uint16_t bound_port) {
    int rc;

    SSH_LOG(SSH_LOG_FUNCTIONS, "Accepting a global request");

    if (msg->global_request.want_reply) {
        if (buffer_add_u8(msg->session->out_buffer
                    , SSH2_MSG_REQUEST_SUCCESS) < 0) {
            goto error;
        }

        if(msg->global_request.type == SSH_GLOBAL_REQUEST_TCPIP_FORWARD
                                && msg->global_request.bind_port == 0) {
            rc = ssh_buffer_pack(msg->session->out_buffer, "d", bound_port);
#############
           if (rc != SSH_ERROR) {
#############
                ssh_set_error_oom(msg->session);
                goto error;
            }
        }

        return packet_send(msg->session);
    }

    if(msg->global_request.type == SSH_GLOBAL_REQUEST_TCPIP_FORWARD
                                && msg->global_request.bind_port == 0) {
        SSH_LOG(SSH_LOG_PACKET,
                "The client doesn't want to know the remote port!");
    }

    return SSH_OK;
error:
    return SSH_ERROR;
}

Best regards
Andreas Gutschick
________________________________
NOTE: This e-mail (including any attachments) is for the sole use of the intended recipient(s) and may contain information that is confidential and/or protected by legal privilege. Any unauthorized review, use, copy, disclosure or distribution of this e-mail is strictly prohibited. If you are not the intended recipient, please notify Mitel immediately and destroy all copies of this e-mail. Mitel does not accept any liability for breach of security, error or virus that may result from the transmission of this message.
HINWEIS: Diese E-Mail, inklusive aller Anhänge, ist ausschließlich für die Verwendung durch den Empfänger bestimmt und kann Informationen enthalten, die rechtlich vertraulich und geschützt zu behandeln sind. Jede nicht autorisierte Einsicht, Nutzung, Vervielfältigung, Veröffentlichung oder Verteilung dieser E-Mail ist strengstens untersagt. Sind Sie nicht der ursprüngliche Empfänger dieser Nachricht, unterrichten Sie Mitel bitte umgehend und vernichten diese E-Mail und alle Kopien. Mitel übernimmt keine Haftung bei Verletzung der Sicherheit, Einbruch, Fehlern oder Viren, die durch die Übertragung dieser Nachricht verursacht werden.

Follow-Ups:
Re: Problem in ssh_message_global_request_reply_success (server.c)Andreas Schneider <asn@xxxxxxxxxxxxxx>
Archive administrator: postmaster@lists.cynapses.org