rpms / libssh2

Clone
Source Code
GIT

Blame SOURCES/0004-libssh2-1.8.0-CVE-2019-3858.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8-beta-stream-rhel c8-stream-rhel
  1.   0b3366a35a87aaee8b6488e383e7a0e9f2c2d8e5
  2.   SOURCES
  3.   0004-libssh2-1.8.0-CVE-2019-3858.patch
Blob History Raw
0b3366 
From f06cf3a20dc3f54b7a9fc8127eb7719462caab39 Mon Sep 17 00:00:00 2001
0b3366 
From: Kamil Dudka <kdudka@redhat.com>
0b3366 
Date: Tue, 19 Mar 2019 13:32:05 +0100
0b3366 
Subject: [PATCH] Resolves: CVE-2019-3858 - fix zero-byte allocation
0b3366
0b3366 
... with a specially crafted SFTP packet leading to an out-of-bounds read
0b3366
0b3366 
Upstream-Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3858.patch
0b3366 
---
0b3366 
 src/sftp.c | 4 ++++
0b3366 
 1 file changed, 4 insertions(+)
0b3366
0b3366 
diff --git a/src/sftp.c b/src/sftp.c
0b3366 
index 7c44116..65cef85 100644
0b3366 
--- a/src/sftp.c
0b3366 
+++ b/src/sftp.c
0b3366 
@@ -345,6 +345,10 @@ sftp_packet_read(LIBSSH2_SFTP *sftp)
0b3366 
                 return _libssh2_error(session,
0b3366 
                                       LIBSSH2_ERROR_CHANNEL_PACKET_EXCEEDED,
0b3366 
                                       "SFTP packet too large");
0b3366 
+            if (sftp->partial_len == 0)
0b3366 
+                return _libssh2_error(session,
0b3366 
+                                      LIBSSH2_ERROR_ALLOC,
0b3366 
+                                      "Unable to allocate empty SFTP packet");
0b3366
0b3366 
             _libssh2_debug(session, LIBSSH2_TRACE_SFTP,
0b3366 
                            "Data begin - Packet Length: %lu",
0b3366 
--
0b3366 
2.17.2
0b3366

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation