rpms / libssh2

Clone
Source Code
GIT

Blame SOURCES/0007-libssh2-1.8.0-CVE-2019-3861.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8-beta-stream-rhel c8-stream-rhel
  1.   d780b0e0b99dea70ad33f182d61727048aaf9e7c
  2.   SOURCES
  3.   0007-libssh2-1.8.0-CVE-2019-3861.patch
Blob History Raw
d780b0 
From 77bc71f4ca2949a11110092034dd0705faa6d7b5 Mon Sep 17 00:00:00 2001
d780b0 
From: Kamil Dudka <kdudka@redhat.com>
d780b0 
Date: Tue, 19 Mar 2019 13:43:34 +0100
d780b0 
Subject: [PATCH] Resolves: CVE-2019-3861 - fix out-of-bounds reads with
d780b0 
 specially crafted SSH packets
d780b0
d780b0 
Upstream-Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3861.patch
d780b0 
---
d780b0 
 src/transport.c | 3 +++
d780b0 
 1 file changed, 3 insertions(+)
d780b0
d780b0 
diff --git a/src/transport.c b/src/transport.c
d780b0 
index 5349284..6224c4f 100644
d780b0 
--- a/src/transport.c
d780b0 
+++ b/src/transport.c
d780b0 
@@ -442,6 +442,9 @@ int _libssh2_transport_read(LIBSSH2_SESSION * session)
d780b0 
             }
d780b0
d780b0 
             p->padding_length = block[4];
d780b0 
+            if ( p->padding_length > p->packet_length - 1 ) {
d780b0 
+                return LIBSSH2_ERROR_DECRYPT;
d780b0 
+            }
d780b0
d780b0 
             /* total_num is the number of bytes following the initial
d780b0 
                (5 bytes) packet length and padding length fields */
d780b0 
--
d780b0 
2.17.2
d780b0

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation