Bugtraq mailing list archives
Re: severe error in SSH session key recovery patch
From: Steve Watt <steve () NOSPAM WATT COM insecure org>
Date: Sun, 11 Mar 2001 01:38:15 GMT
In article <982032860-m2n-gw () Watt COM>, Kari Hurtta <hurtta+zz () LEIJA MH FMI FI> wrote:
> {
>     static time_t last_kill_time = 0;
>     if (time(NULL) - last_kill_time > 60 && getppid() != 1)
>     {
>         last_kill_time = time(NULL);
>         kill(SIGALRM, getppid());
>     }
>     fatal("Bad result from rsa_private_decrypt");
> }
>
> It is a static variable -- not an auto variable. That means that, on second
> execution of that code block,

There is no second execution of that code block; after the if (time(... block is done, fatal("Bad result...") gets called. Always. And thus last_kill_time doesn't get updated in any useful place, since this sshd ceases to exist.

--
Steve Watt KD6GGD PP-ASEL-IA ICBM: 121W 56' 57.8" / 37N 20' 14.9"
Internet: steve @ Watt.COM Whois: SW32
Free time? There's no such thing. It just comes in varying prices...
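
Added example, not part of the original post or of the patch under discussion: a small C program showing why a static timestamp cannot rate-limit anything when the process that updates it exits immediately afterwards. It assumes the quoted block runs in a forked child (as the getppid() call implies); the names child_would_signal and count_signals are hypothetical, the getppid() check is left out, and signals are counted rather than sent.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

/* Stand-in for the quoted block (hypothetical name). Returns 1 where the
 * original would signal the parent; no signal is actually sent here. */
static int child_would_signal(void)
{
    static time_t last_kill_time = 0;  /* every forked child starts at 0 */
    if (time(NULL) - last_kill_time > 60) {
        last_kill_time = time(NULL);   /* discarded when the child exits */
        return 1;
    }
    return 0;
}

/* Run n failing children back to back. keep_state_in_parent == 0: each
 * child applies the 60 s check itself, as in the quoted block.
 * keep_state_in_parent == 1: the child only reports failure and the
 * surviving parent applies the check. Returns the number of signals. */
int count_signals(int n, int keep_state_in_parent)
{
    time_t parent_last = 0;
    int count = 0;
    for (int i = 0; i < n; i++) {
        pid_t pid = fork();
        if (pid < 0)
            return -1;
        if (pid == 0)                  /* child: decide, then exit like fatal() */
            _exit(keep_state_in_parent ? 1 : child_would_signal());
        int status;
        if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
            return -1;
        if (!WEXITSTATUS(status))
            continue;
        if (!keep_state_in_parent) {
            count++;
        } else if (time(NULL) - parent_last > 60) {
            parent_last = time(NULL);
            count++;
        }
    }
    return count;
}

int main(void)
{
    printf("state in child:  %d signals for 5 failures\n", count_signals(5, 0));
    printf("state in parent: %d signals for 5 failures\n", count_signals(5, 1));
    return 0;
}
```

With the timestamp held in the exiting child, every failure within the same minute produces a signal; held in the long-lived parent, only the first one does.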