[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#909022: openssh-client: Incorrect flag test in getrrsetbyname()

Package: openssh-client
Version: 1:7.4p1-10+deb9u4
Severity: minor
Tags: patch

I was curious about how OpenSSH does DNSSEC validation, and found the
patch that adds support for doing this with glibc (dnssec-sshfp.patch).

However, there is a minor bug in the change to getrrsetbyname().  It
validates the flags parameter with:

	if ((flags & !RRSET_FORCE_EDNS0) != 0) { ... }

But this condition will always be false, because !RRSET_FORCE_EDNS0 ==
0.  The "!" operator was presumably meant to be "~".


-- System Information:
Debian Release: 9.5
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'stable-updates'), (500,
Architecture: amd64 (x86_64)
Foreign Architectures: i386, armhf

Kernel: Linux 4.9.0-7-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8),
LANGUAGE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages openssh-client depends on:
ii  adduser           3.115
ii  dpkg              1.18.25
ii  libc6             2.24-11+deb9u3
ii  libedit2          3.1-20160903-3
ii  libgssapi-krb5-2  1.15-1+deb9u1
ii  libselinux1       2.6-3+b3
ii  libssl1.0.2       1.0.2l-2+deb9u3
ii  passwd            1:4.4-4.1
ii  zlib1g            1:1.2.8.dfsg-5

Versions of packages openssh-client recommends:
ii  xauth  1:1.0.9-1+b2

Versions of packages openssh-client suggests:
pn  keychain      <none>
pn  libpam-ssh    <none>
pn  monkeysphere  <none>
pn  ssh-askpass   <none>

-- no debconf information

Ben Hutchings, Software Developer                         Codethink Ltd
https://www.codethink.co.uk/                 Dale House, 35 Dale Street
                                     Manchester, M1 2HF, United Kingdom

Reply to: