diff options
Diffstat (limited to '0001-libssh2-1.8.0-CVE-2019-3855.patch')
-rw-r--r-- | 0001-libssh2-1.8.0-CVE-2019-3855.patch | 33 |
1 files changed, 0 insertions, 33 deletions
diff --git a/0001-libssh2-1.8.0-CVE-2019-3855.patch b/0001-libssh2-1.8.0-CVE-2019-3855.patch deleted file mode 100644 index 746b515..0000000 --- a/0001-libssh2-1.8.0-CVE-2019-3855.patch +++ /dev/null @@ -1,33 +0,0 @@ -From db657a96ca37d87cceff14db66645ba17024803c Mon Sep 17 00:00:00 2001 -From: Kamil Dudka <kdudka@redhat.com> -Date: Tue, 19 Mar 2019 13:16:53 +0100 -Subject: [PATCH] Resolves: CVE-2019-3855 - fix integer overflow in transport read - -... resulting in out of bounds write - -Upstream-Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3855.patch ---- - src/transport.c | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) - -diff --git a/src/transport.c b/src/transport.c -index 8725da0..5349284 100644 ---- a/src/transport.c -+++ b/src/transport.c -@@ -434,8 +434,12 @@ int _libssh2_transport_read(LIBSSH2_SESSION * session) - * and we can extract packet and padding length from it - */ - p->packet_length = _libssh2_ntohu32(block); -- if (p->packet_length < 1) -+ if(p->packet_length < 1) { - return LIBSSH2_ERROR_DECRYPT; -+ } -+ else if(p->packet_length > LIBSSH2_PACKET_MAXPAYLOAD) { -+ return LIBSSH2_ERROR_OUT_OF_BOUNDARY; -+ } - - p->padding_length = block[4]; - --- -2.17.2 - |