summaryrefslogtreecommitdiffstats
path: root/0001-libssh2-1.8.0-CVE-2019-3855.patch
diff options
context:
space:
mode:
authorRemi Collet <remi@remirepo.net>2022-06-26 17:42:09 +0200
committerRemi Collet <remi@php.net>2022-06-26 17:42:09 +0200
commit20e61c0a1471086c99fd346cfd200b865b30bf57 (patch)
tree629172d26f48a80e34e3b06866f7db5c19d2a2d2 /0001-libssh2-1.8.0-CVE-2019-3855.patch
parent6c2df6054475dd31fa2ce3f5ebeef77bc4537f4a (diff)
rename to remi-libssh2 for EL-7 and EL-8HEADmaster
update to 1.10.0
Diffstat (limited to '0001-libssh2-1.8.0-CVE-2019-3855.patch')
-rw-r--r--0001-libssh2-1.8.0-CVE-2019-3855.patch33
1 files changed, 0 insertions, 33 deletions
diff --git a/0001-libssh2-1.8.0-CVE-2019-3855.patch b/0001-libssh2-1.8.0-CVE-2019-3855.patch
deleted file mode 100644
index 746b515..0000000
--- a/0001-libssh2-1.8.0-CVE-2019-3855.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From db657a96ca37d87cceff14db66645ba17024803c Mon Sep 17 00:00:00 2001
-From: Kamil Dudka <kdudka@redhat.com>
-Date: Tue, 19 Mar 2019 13:16:53 +0100
-Subject: [PATCH] Resolves: CVE-2019-3855 - fix integer overflow in transport read
-
-... resulting in out of bounds write
-
-Upstream-Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3855.patch
----
- src/transport.c | 6 +++++-
- 1 file changed, 5 insertions(+), 1 deletion(-)
-
-diff --git a/src/transport.c b/src/transport.c
-index 8725da0..5349284 100644
---- a/src/transport.c
-+++ b/src/transport.c
-@@ -434,8 +434,12 @@ int _libssh2_transport_read(LIBSSH2_SESSION * session)
- * and we can extract packet and padding length from it
- */
- p->packet_length = _libssh2_ntohu32(block);
-- if (p->packet_length < 1)
-+ if(p->packet_length < 1) {
- return LIBSSH2_ERROR_DECRYPT;
-+ }
-+ else if(p->packet_length > LIBSSH2_PACKET_MAXPAYLOAD) {
-+ return LIBSSH2_ERROR_OUT_OF_BOUNDARY;
-+ }
-
- p->padding_length = block[4];
-
---
-2.17.2
-