diff options
Diffstat (limited to '0007-libssh2-1.8.0-CVE-2019-3861.patch')
| -rw-r--r-- | 0007-libssh2-1.8.0-CVE-2019-3861.patch | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/0007-libssh2-1.8.0-CVE-2019-3861.patch b/0007-libssh2-1.8.0-CVE-2019-3861.patch new file mode 100644 index 0000000..d40bb71 --- /dev/null +++ b/0007-libssh2-1.8.0-CVE-2019-3861.patch @@ -0,0 +1,28 @@ +From 77bc71f4ca2949a11110092034dd0705faa6d7b5 Mon Sep 17 00:00:00 2001 +From: Kamil Dudka <kdudka@redhat.com> +Date: Tue, 19 Mar 2019 13:43:34 +0100 +Subject: [PATCH] Resolves: CVE-2019-3861 - fix out-of-bounds reads with + specially crafted SSH packets + +Upstream-Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3861.patch +--- + src/transport.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/src/transport.c b/src/transport.c +index 5349284..6224c4f 100644 +--- a/src/transport.c ++++ b/src/transport.c +@@ -442,6 +442,9 @@ int _libssh2_transport_read(LIBSSH2_SESSION * session) + } + + p->padding_length = block[4]; ++ if ( p->padding_length > p->packet_length - 1 ) { ++ return LIBSSH2_ERROR_DECRYPT; ++ } + + /* total_num is the number of bytes following the initial + (5 bytes) packet length and padding length fields */ +-- +2.17.2 + |