Blame SOURCES/0101-libssh2-1.4.3-CVE-2016-0787.patch
|
 |
b760d6 |
From 7046d670d3803d484b7af490e529dc4619145cc2 Mon Sep 17 00:00:00 2001
|
|
|
b760d6 |
From: Daniel Stenberg <daniel@haxx.se>
|
|
|
b760d6 |
Date: Thu, 11 Feb 2016 13:52:20 +0100
|
|
|
b760d6 |
Subject: [PATCH] diffie_hellman_sha256: convert bytes to bits
|
|
|
b760d6 |
|
|
|
b760d6 |
As otherwise we get far too small numbers.
|
|
|
b760d6 |
|
|
|
b760d6 |
CVE-2016-0787
|
|
|
b760d6 |
|
|
|
b760d6 |
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
|
|
b760d6 |
---
|
|
|
b760d6 |
src/kex.c | 2 +-
|
|
|
b760d6 |
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
b760d6 |
|
|
|
b760d6 |
diff --git a/src/kex.c b/src/kex.c
|
|
|
b760d6 |
index 5649248..f12797c 100644
|
|
|
b760d6 |
--- a/src/kex.c
|
|
|
b760d6 |
+++ b/src/kex.c
|
|
|
b760d6 |
@@ -103,7 +103,7 @@ static int diffie_hellman_sha1(LIBSSH2_SESSION *session,
|
|
|
b760d6 |
memset(&exchange_state->req_state, 0, sizeof(packet_require_state_t));
|
|
|
b760d6 |
|
|
|
b760d6 |
/* Generate x and e */
|
|
|
b760d6 |
- _libssh2_bn_rand(exchange_state->x, group_order, 0, -1);
|
|
|
b760d6 |
+ _libssh2_bn_rand(exchange_state->x, group_order * 8 - 1, 0, -1);
|
|
|
b760d6 |
_libssh2_bn_mod_exp(exchange_state->e, g, exchange_state->x, p,
|
|
|
b760d6 |
exchange_state->ctx);
|
|
|
b760d6 |
|
|
|
b760d6 |
--
|
|
|
b760d6 |
2.5.0
|
|
|
b760d6 |
|