import from RHEL 7.7

1 files changed, 124 insertions, 0 deletions

diff --git a/0003-libssh2-1.8.0-CVE-2019-3857.patch b/0003-libssh2-1.8.0-CVE-2019-3857.patch
new file mode 100644
index 0000000..ea264d2
--- /dev/null
+++ b/0003-libssh2-1.8.0-CVE-2019-3857.patch
@@ -0,0 +1,124 @@
+From cbd8d5c44701f97eccd6602e3d745fc37a8d7ff4 Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka@redhat.com>
+Date: Tue, 19 Mar 2019 13:29:35 +0100
+Subject: [PATCH 1/2] Resolves: CVE-2019-3857 - fix integer overflow in SSH
+ packet processing channel
+
+... resulting in out of bounds write
+
+Upstream-Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3857.patch
+---
+ include/libssh2.h | 12 ++++++++++++
+ src/packet.c      | 11 +++++++++--
+ 2 files changed, 21 insertions(+), 2 deletions(-)
+
+diff --git a/include/libssh2.h b/include/libssh2.h
+index 34d2842..e25c380 100644
+--- a/include/libssh2.h
++++ b/include/libssh2.h
+@@ -145,6 +145,18 @@ typedef int libssh2_socket_t;
+ #define LIBSSH2_INVALID_SOCKET -1
+ #endif /* WIN32 */
+ 
++#ifndef SIZE_MAX
++#if _WIN64
++#define SIZE_MAX 0xFFFFFFFFFFFFFFFF
++#else
++#define SIZE_MAX 0xFFFFFFFF
++#endif
++#endif
++
++#ifndef UINT_MAX
++#define UINT_MAX 0xFFFFFFFF
++#endif
++
+ /*
+  * Determine whether there is small or large file support on windows.
+  */
+diff --git a/src/packet.c b/src/packet.c
+index 5f1feb8..aa10633 100644
+--- a/src/packet.c
++++ b/src/packet.c
+@@ -815,8 +815,15 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data,
+                         /* set signal name (without SIG prefix) */
+                         uint32_t namelen =
+                             _libssh2_ntohu32(data + 9 + sizeof("exit-signal"));
+-                        channelp->exit_signal =
+-                            LIBSSH2_ALLOC(session, namelen + 1);
++
++                        if(namelen <= UINT_MAX - 1) {
++                            channelp->exit_signal =
++                                LIBSSH2_ALLOC(session, namelen + 1);
++                        }
++                        else {
++                            channelp->exit_signal = NULL;
++                        }
++
+                         if (!channelp->exit_signal)
+                             rc = _libssh2_error(session, LIBSSH2_ERROR_ALLOC,
+                                                 "memory for signal name");
+-- 
+2.17.2
+
+
+From 0708c71871976ccf6d45fd0971a079d271413f92 Mon Sep 17 00:00:00 2001
+From: Michael Buckley <michael@buckleyisms.com>
+Date: Mon, 18 Mar 2019 15:07:12 -0700
+Subject: [PATCH 2/2] Move fallback SIZE_MAX and UINT_MAX to libssh2_priv.h
+
+Upstream-commit: 31d0b1a8530b959bd12c2074dc6e883e1eda8207
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ include/libssh2.h  | 12 ------------
+ src/libssh2_priv.h | 12 ++++++++++++
+ 2 files changed, 12 insertions(+), 12 deletions(-)
+
+diff --git a/include/libssh2.h b/include/libssh2.h
+index e25c380..34d2842 100644
+--- a/include/libssh2.h
++++ b/include/libssh2.h
+@@ -145,18 +145,6 @@ typedef int libssh2_socket_t;
+ #define LIBSSH2_INVALID_SOCKET -1
+ #endif /* WIN32 */
+ 
+-#ifndef SIZE_MAX
+-#if _WIN64
+-#define SIZE_MAX 0xFFFFFFFFFFFFFFFF
+-#else
+-#define SIZE_MAX 0xFFFFFFFF
+-#endif
+-#endif
+-
+-#ifndef UINT_MAX
+-#define UINT_MAX 0xFFFFFFFF
+-#endif
+-
+ /*
+  * Determine whether there is small or large file support on windows.
+  */
+diff --git a/src/libssh2_priv.h b/src/libssh2_priv.h
+index b4296a2..bb5d1a5 100644
+--- a/src/libssh2_priv.h
++++ b/src/libssh2_priv.h
+@@ -146,6 +146,18 @@ static inline int writev(int sock, struct iovec *iov, int nvecs)
+ 
+ #endif
+ 
++#ifndef SIZE_MAX
++#if _WIN64
++#define SIZE_MAX 0xFFFFFFFFFFFFFFFF
++#else
++#define SIZE_MAX 0xFFFFFFFF
++#endif
++#endif
++
++#ifndef UINT_MAX
++#define UINT_MAX 0xFFFFFFFF
++#endif
++
+ /* RFC4253 section 6.1 Maximum Packet Length says:
+  *
+  * "All implementations MUST be able to process packets with
+-- 
+2.17.2
+