diff options
Diffstat (limited to '0002-libssh2-1.8.0-CVE-2019-3856.patch')
-rw-r--r-- | 0002-libssh2-1.8.0-CVE-2019-3856.patch | 44 |
1 files changed, 0 insertions, 44 deletions
diff --git a/0002-libssh2-1.8.0-CVE-2019-3856.patch b/0002-libssh2-1.8.0-CVE-2019-3856.patch deleted file mode 100644 index 40c9e9b..0000000 --- a/0002-libssh2-1.8.0-CVE-2019-3856.patch +++ /dev/null @@ -1,44 +0,0 @@ -From cc573aafb6f4b24bce9b82f308e92b9723a73024 Mon Sep 17 00:00:00 2001 -From: Kamil Dudka <kdudka@redhat.com> -Date: Tue, 19 Mar 2019 13:22:24 +0100 -Subject: [PATCH] Resolves: CVE-2019-3856 - fix integer overflow in keyboard - interactive handling - -... resulting in out of bounds write - -Upstream-Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3856.patch - -I believe that: - - `(session->userauth_kybd_num_prompts && session->userauth_kybd_num_prompts > 100)` - -... can be simplified as: - - `(session->userauth_kybd_num_prompts > 100)` - -Signed-off-by: Kamil Dudka <kdudka@redhat.com> ---- - src/userauth.c | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/src/userauth.c b/src/userauth.c -index cdfa25e..3946cf9 100644 ---- a/src/userauth.c -+++ b/src/userauth.c -@@ -1734,6 +1734,13 @@ userauth_keyboard_interactive(LIBSSH2_SESSION * session, - /* int num-prompts */ - session->userauth_kybd_num_prompts = _libssh2_ntohu32(s); - s += 4; -+ if(session->userauth_kybd_num_prompts && -+ session->userauth_kybd_num_prompts > 100) { -+ _libssh2_error(session, LIBSSH2_ERROR_OUT_OF_BOUNDARY, -+ "Too many replies for " -+ "keyboard-interactive prompts"); -+ goto cleanup; -+ } - - if(session->userauth_kybd_num_prompts) { - session->userauth_kybd_prompts = --- -2.17.2 - |