- dtucker@cvs.openbsd.org 2013/12/19 00:19:12

     [serverloop.c]
     Cast client_alive_interval to u_int64_t before assinging to
     max_time_milliseconds to avoid potential integer overflow in the timeout.
     bz#2170, patch from Loganaden Velvindron, ok djm@

diff --git a/ChangeLog b/ChangeLog
index 32ec354e85293cf2122800ca7fd423e19c98223f..041cfe83187eccc5fe43376ad7d78071557fcb76 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -6,6 +6,11 @@
      [ssh-add.c]
      skip requesting smartcard PIN when removing keys from agent; bz#2187
      patch from jay AT slushpupie.com; ok dtucker
+   - dtucker@cvs.openbsd.org 2013/12/19 00:19:12
+     [serverloop.c]
+     Cast client_alive_interval to u_int64_t before assinging to
+     max_time_milliseconds to avoid potential integer overflow in the timeout.
+     bz#2170, patch from Loganaden Velvindron, ok djm@
 
 20131221
  - (dtucker) [regress/keytype.sh] Actually test ecdsa key types.

diff --git a/serverloop.c b/serverloop.c
index ccbad617d51d094872b40478bf337068cba91768..5b2f8028d20a9709e3afc4f4f44088c97b3bfc92 100644 (file)
--- a/serverloop.c
+++ b/serverloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: serverloop.c,v 1.168 2013/07/12 00:19:59 djm Exp $ */
+/* $OpenBSD: serverloop.c,v 1.169 2013/12/19 00:19:12 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -304,7 +304,8 @@ wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, int *maxfdp,
        if (compat20 &&
            max_time_milliseconds == 0 && options.client_alive_interval) {
                client_alive_scheduled = 1;
-               max_time_milliseconds = options.client_alive_interval * 1000;
+               max_time_milliseconds =
+                   (u_int64_t)options.client_alive_interval * 1000;
        }
 
        if (compat20) {