- dtucker@cvs.openbsd.org 2013/12/19 00:19:12

[serverloop.c]
     Cast client_alive_interval to u_int64_t before assinging to
     max_time_milliseconds to avoid potential integer overflow in the timeout.
     bz#2170, patch from Loganaden Velvindron, ok djm@

ChangeLog

@@ -6,6 +6,11 @@
      [ssh-add.c]
      skip requesting smartcard PIN when removing keys from agent; bz#2187
      patch from jay AT slushpupie.com; ok dtucker
+   - dtucker@cvs.openbsd.org 2013/12/19 00:19:12
+     [serverloop.c]
+     Cast client_alive_interval to u_int64_t before assinging to
+     max_time_milliseconds to avoid potential integer overflow in the timeout.
+     bz#2170, patch from Loganaden Velvindron, ok djm@
 
 20131221
  - (dtucker) [regress/keytype.sh] Actually test ecdsa key types.

serverloop.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: serverloop.c,v 1.168 2013/07/12 00:19:59 djm Exp $ */
+/* $OpenBSD: serverloop.c,v 1.169 2013/12/19 00:19:12 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -304,7 +304,8 @@ wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, int *maxfdp,
 	if (compat20 &&
 	    max_time_milliseconds == 0 && options.client_alive_interval) {
 		client_alive_scheduled = 1;
-		max_time_milliseconds = options.client_alive_interval * 1000;
+		max_time_milliseconds =
+		    (u_int64_t)options.client_alive_interval * 1000;
 	}
 
 	if (compat20) {