Diffstat (limited to '0004-libssh2-1.8.0-CVE-2019-3858.patch')
-rw-r--r--0004-libssh2-1.8.0-CVE-2019-3858.patch30
1 files changed, 30 insertions, 0 deletions
diff --git a/0004-libssh2-1.8.0-CVE-2019-3858.patch b/0004-libssh2-1.8.0-CVE-2019-3858.patch
new file mode 100644
index 0000000..04914c5
--- /dev/null
+++ b/0004-libssh2-1.8.0-CVE-2019-3858.patch
@@ -0,0 +1,30 @@
+From f06cf3a20dc3f54b7a9fc8127eb7719462caab39 Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka@redhat.com>
+Date: Tue, 19 Mar 2019 13:32:05 +0100
+Subject: [PATCH] Resolves: CVE-2019-3858 - fix zero-byte allocation
+
+... with a specially crafted SFTP packet leading to an out-of-bounds read
+
+Upstream-Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3858.patch
+---
+ src/sftp.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/sftp.c b/src/sftp.c
+index 7c44116..65cef85 100644
+--- a/src/sftp.c
++++ b/src/sftp.c
+@@ -345,6 +345,10 @@ sftp_packet_read(LIBSSH2_SFTP *sftp)
+ return _libssh2_error(session,
+ LIBSSH2_ERROR_CHANNEL_PACKET_EXCEEDED,
+ "SFTP packet too large");
++ if (sftp->partial_len == 0)
++ return _libssh2_error(session,
++ LIBSSH2_ERROR_ALLOC,
++ "Unable to allocate empty SFTP packet");
+
+ _libssh2_debug(session, LIBSSH2_TRACE_SFTP,
+ "Data begin - Packet Length: %lu",
+--
+2.17.2
+
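Review bot: The new `sftp->partial_len == 0` guard in sftp_packet_read returns `LIBSSH2_ERROR_ALLOC`, which reports a malformed length sent by the peer as if it were a local allocation failure, so callers and logs that triage on the error code cannot tell a broken or hostile server from memory pressure. Because this is a backport of the upstream patch, keeping the code identical may be the right call, but the guard deserves a comment such as `/* zero-length packet: reject before allocating, otherwise the packet type byte is read out of bounds (CVE-2019-3858) */`. The check excludes only a length of exactly zero. Whether lengths too short for the fields parsed later are rejected is not visible here, since sftp_packet_read starts and continues outside the hunk, so confirm that the other patches in this series cover that case.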