diff options
Diffstat (limited to '0003-libssh2-1.8.0-CVE-2019-3857.patch')
| -rw-r--r-- | 0003-libssh2-1.8.0-CVE-2019-3857.patch | 124 |
1 files changed, 0 insertions, 124 deletions
diff --git a/0003-libssh2-1.8.0-CVE-2019-3857.patch b/0003-libssh2-1.8.0-CVE-2019-3857.patch deleted file mode 100644 index ea264d2..0000000 --- a/0003-libssh2-1.8.0-CVE-2019-3857.patch +++ /dev/null @@ -1,124 +0,0 @@ -From cbd8d5c44701f97eccd6602e3d745fc37a8d7ff4 Mon Sep 17 00:00:00 2001 -From: Kamil Dudka <kdudka@redhat.com> -Date: Tue, 19 Mar 2019 13:29:35 +0100 -Subject: [PATCH 1/2] Resolves: CVE-2019-3857 - fix integer overflow in SSH - packet processing channel - -... resulting in out of bounds write - -Upstream-Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3857.patch ---- - include/libssh2.h | 12 ++++++++++++ - src/packet.c | 11 +++++++++-- - 2 files changed, 21 insertions(+), 2 deletions(-) - -diff --git a/include/libssh2.h b/include/libssh2.h -index 34d2842..e25c380 100644 ---- a/include/libssh2.h -+++ b/include/libssh2.h -@@ -145,6 +145,18 @@ typedef int libssh2_socket_t; - #define LIBSSH2_INVALID_SOCKET -1 - #endif /* WIN32 */ - -+#ifndef SIZE_MAX -+#if _WIN64 -+#define SIZE_MAX 0xFFFFFFFFFFFFFFFF -+#else -+#define SIZE_MAX 0xFFFFFFFF -+#endif -+#endif -+ -+#ifndef UINT_MAX -+#define UINT_MAX 0xFFFFFFFF -+#endif -+ - /* - * Determine whether there is small or large file support on windows. - */ -diff --git a/src/packet.c b/src/packet.c -index 5f1feb8..aa10633 100644 ---- a/src/packet.c -+++ b/src/packet.c -@@ -815,8 +815,15 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data, - /* set signal name (without SIG prefix) */ - uint32_t namelen = - _libssh2_ntohu32(data + 9 + sizeof("exit-signal")); -- channelp->exit_signal = -- LIBSSH2_ALLOC(session, namelen + 1); -+ -+ if(namelen <= UINT_MAX - 1) { -+ channelp->exit_signal = -+ LIBSSH2_ALLOC(session, namelen + 1); -+ } -+ else { -+ channelp->exit_signal = NULL; -+ } -+ - if (!channelp->exit_signal) - rc = _libssh2_error(session, LIBSSH2_ERROR_ALLOC, - "memory for signal name"); --- -2.17.2 - - -From 0708c71871976ccf6d45fd0971a079d271413f92 Mon Sep 17 00:00:00 2001 -From: Michael Buckley <michael@buckleyisms.com> -Date: Mon, 18 Mar 2019 15:07:12 -0700 -Subject: [PATCH 2/2] Move fallback SIZE_MAX and UINT_MAX to libssh2_priv.h - -Upstream-commit: 31d0b1a8530b959bd12c2074dc6e883e1eda8207 -Signed-off-by: Kamil Dudka <kdudka@redhat.com> ---- - include/libssh2.h | 12 ------------ - src/libssh2_priv.h | 12 ++++++++++++ - 2 files changed, 12 insertions(+), 12 deletions(-) - -diff --git a/include/libssh2.h b/include/libssh2.h -index e25c380..34d2842 100644 ---- a/include/libssh2.h -+++ b/include/libssh2.h -@@ -145,18 +145,6 @@ typedef int libssh2_socket_t; - #define LIBSSH2_INVALID_SOCKET -1 - #endif /* WIN32 */ - --#ifndef SIZE_MAX --#if _WIN64 --#define SIZE_MAX 0xFFFFFFFFFFFFFFFF --#else --#define SIZE_MAX 0xFFFFFFFF --#endif --#endif -- --#ifndef UINT_MAX --#define UINT_MAX 0xFFFFFFFF --#endif -- - /* - * Determine whether there is small or large file support on windows. - */ -diff --git a/src/libssh2_priv.h b/src/libssh2_priv.h -index b4296a2..bb5d1a5 100644 ---- a/src/libssh2_priv.h -+++ b/src/libssh2_priv.h -@@ -146,6 +146,18 @@ static inline int writev(int sock, struct iovec *iov, int nvecs) - - #endif - -+#ifndef SIZE_MAX -+#if _WIN64 -+#define SIZE_MAX 0xFFFFFFFFFFFFFFFF -+#else -+#define SIZE_MAX 0xFFFFFFFF -+#endif -+#endif -+ -+#ifndef UINT_MAX -+#define UINT_MAX 0xFFFFFFFF -+#endif -+ - /* RFC4253 section 6.1 Maximum Packet Length says: - * - * "All implementations MUST be able to process packets with --- -2.17.2 - |