From 77bc71f4ca2949a11110092034dd0705faa6d7b5 Mon Sep 17 00:00:00 2001
From: Kamil Dudka
Date: Tue, 19 Mar 2019 13:43:34 +0100
Subject: [PATCH] Resolves: CVE-2019-3861 - fix out-of-bounds reads with specially crafted SSH packets

Upstream-Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3861.patch
---
 src/transport.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/transport.c b/src/transport.c
index 5349284..6224c4f 100644
--- a/src/transport.c
+++ b/src/transport.c
@@ -442,6 +442,9 @@ int _libssh2_transport_read(LIBSSH2_SESSION * session)
 }
 p->padding_length = block[4];
+ if ( p->padding_length > p->packet_length - 1 ) {
+ return LIBSSH2_ERROR_DECRYPT;
+ }
 /* total_num is the number of bytes following the initial (5 bytes) packet length and padding length fields */
--
2.17.2
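Review bot: The added guard `p->padding_length > p->packet_length - 1` is only sound when `packet_length` is at least 1. If the field is unsigned (its declaration is not in the hunk), a `packet_length` of zero makes the subtraction wrap, and the check then accepts any padding value. The closing brace just above the added lines suggests an earlier lower-bound check, but it sits outside the hunk, so it cannot be confirmed here. Writing the comparison without the subtraction removes that dependency and is equivalent for every `packet_length >= 1`: `if (p->padding_length >= p->packet_length) {`. A short comment above it, such as `/* the padding_length byte plus the padding must fit inside packet_length */`, would record why the bound is `packet_length - 1`. The body of `_libssh2_transport_read` starts and ends outside the hunk.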