head 1.2; access; symbols; locks; strict; comment @# @; 1.2 date 2013.08.07.11.06.39; author drochner; state dead; branches; next 1.1; commitid HG1z67uc9xxOOv0x; 1.1 date 2013.08.06.12.23.37; author drochner; state Exp; branches; next ; commitid ho7vmWcWYWCQho0x; desc @@ 1.2 log @update to 0.63 This fixes a buffer overflow which was patched in pkgsrc (CVE-2013-4852), two other buffer overflows (CVE-2013-4206, CVE-2013-4207), and it clears private keys after use now (CVE-2013-4208). Other than that, there are mostly bug fixes from 0.62 and a few small features. @ text @$NetBSD: patch-CVE-2013-4852-1,v 1.1 2013/08/06 12:23:37 drochner Exp $ see http://svn.tartarus.org/sgt?view=revision&sortby=date&revision=9896 --- sshdss.c.orig 2007-10-03 21:21:18.000000000 +0000 +++ sshdss.c @@@@ -43,6 +43,8 @@@@ static void getstring(char **data, int * if (*datalen < 4) return; *length = GET_32BIT(*data); + if (*length < 0) + return; *datalen -= 4; *data += 4; if (*datalen < *length) @@@@ -98,7 +100,7 @@@@ static void *dss_newkey(char *data, int } #endif - if (!p || memcmp(p, "ssh-dss", 7)) { + if (!p || slen != 7 || memcmp(p, "ssh-dss", 7)) { sfree(dss); return NULL; } @ 1.1 log @add patch from upstream to fix possible heap overflow in SSH handshake due to integer overflow (CVE-2013-4852) bump PKGREV @ text @d1 1 a1 1 $NetBSD$ @
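Review bot: In the first sshdss.c hunk (getstring), the new `if (*length < 0) return;` runs after `*length = GET_32BIT(*data);` has already stored the negative value, and the function is `void`, so a caller can only notice the failure through whatever the other output parameter holds, which is not visible in this hunk. Consider reading the 32-bit field into a local, validating it, and only then writing `*length`, or resetting `*length` to 0 on the error path. The underlying cause is that a 32-bit wire value is stored in a signed `int`, which is why the following `if (*datalen < *length)` comparison did not reject it on its own; a comment at the new check saying so would help the next reader.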
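Review bot: In the second sshdss.c hunk (dss_newkey), the condition `!p || slen != 7 || memcmp(p, "ssh-dss", 7)` now carries the literal 7 twice, and both must stay in step with the string literal. Deriving the length once, for example from `sizeof("ssh-dss") - 1`, and using it for both the `slen` comparison and the `memcmp` length would remove that coupling. It is also worth a short comment that the `slen` test has to come before the `memcmp`, since the comparison reads 7 bytes from `p` regardless of how long the received string actually is.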