Tree - rpms/libssh2 - CentOS Git server

rpms / libssh2

Files

Commit: 0b3366a35a87aaee8b6488e383e7a0e9f2c2d8e5

Blob Blame History Raw

From 77bc71f4ca2949a11110092034dd0705faa6d7b5 Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Tue, 19 Mar 2019 13:43:34 +0100
Subject: [PATCH] Resolves: CVE-2019-3861 - fix out-of-bounds reads with
 specially crafted SSH packets

Upstream-Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3861.patch
---
 src/transport.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/transport.c b/src/transport.c
index 5349284..6224c4f 100644
--- a/src/transport.c
+++ b/src/transport.c
@@ -442,6 +442,9 @@ int _libssh2_transport_read(LIBSSH2_SESSION * session)
             }
 
             p->padding_length = block[4];
+            if ( p->padding_length > p->packet_length - 1 ) {
+                return LIBSSH2_ERROR_DECRYPT;
+            }
 
             /* total_num is the number of bytes following the initial
                (5 bytes) packet length and padding length fields */
-- 
2.17.2

rpms / libssh2

Source Code

Files