summaryrefslogtreecommitdiffstats
path: root/0003-libssh2-1.8.0-CVE-2019-3857.patch
diff options
context:
space:
mode:
Diffstat (limited to '0003-libssh2-1.8.0-CVE-2019-3857.patch')
-rw-r--r--0003-libssh2-1.8.0-CVE-2019-3857.patch124
1 files changed, 0 insertions, 124 deletions
diff --git a/0003-libssh2-1.8.0-CVE-2019-3857.patch b/0003-libssh2-1.8.0-CVE-2019-3857.patch
deleted file mode 100644
index ea264d2..0000000
--- a/0003-libssh2-1.8.0-CVE-2019-3857.patch
+++ /dev/null
@@ -1,124 +0,0 @@
-From cbd8d5c44701f97eccd6602e3d745fc37a8d7ff4 Mon Sep 17 00:00:00 2001
-From: Kamil Dudka <kdudka@redhat.com>
-Date: Tue, 19 Mar 2019 13:29:35 +0100
-Subject: [PATCH 1/2] Resolves: CVE-2019-3857 - fix integer overflow in SSH
- packet processing channel
-
-... resulting in out of bounds write
-
-Upstream-Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3857.patch
----
- include/libssh2.h | 12 ++++++++++++
- src/packet.c | 11 +++++++++--
- 2 files changed, 21 insertions(+), 2 deletions(-)
-
-diff --git a/include/libssh2.h b/include/libssh2.h
-index 34d2842..e25c380 100644
---- a/include/libssh2.h
-+++ b/include/libssh2.h
-@@ -145,6 +145,18 @@ typedef int libssh2_socket_t;
- #define LIBSSH2_INVALID_SOCKET -1
- #endif /* WIN32 */
-
-+#ifndef SIZE_MAX
-+#if _WIN64
-+#define SIZE_MAX 0xFFFFFFFFFFFFFFFF
-+#else
-+#define SIZE_MAX 0xFFFFFFFF
-+#endif
-+#endif
-+
-+#ifndef UINT_MAX
-+#define UINT_MAX 0xFFFFFFFF
-+#endif
-+
- /*
- * Determine whether there is small or large file support on windows.
- */
-diff --git a/src/packet.c b/src/packet.c
-index 5f1feb8..aa10633 100644
---- a/src/packet.c
-+++ b/src/packet.c
-@@ -815,8 +815,15 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data,
- /* set signal name (without SIG prefix) */
- uint32_t namelen =
- _libssh2_ntohu32(data + 9 + sizeof("exit-signal"));
-- channelp->exit_signal =
-- LIBSSH2_ALLOC(session, namelen + 1);
-+
-+ if(namelen <= UINT_MAX - 1) {
-+ channelp->exit_signal =
-+ LIBSSH2_ALLOC(session, namelen + 1);
-+ }
-+ else {
-+ channelp->exit_signal = NULL;
-+ }
-+
- if (!channelp->exit_signal)
- rc = _libssh2_error(session, LIBSSH2_ERROR_ALLOC,
- "memory for signal name");
---
-2.17.2
-
-
-From 0708c71871976ccf6d45fd0971a079d271413f92 Mon Sep 17 00:00:00 2001
-From: Michael Buckley <michael@buckleyisms.com>
-Date: Mon, 18 Mar 2019 15:07:12 -0700
-Subject: [PATCH 2/2] Move fallback SIZE_MAX and UINT_MAX to libssh2_priv.h
-
-Upstream-commit: 31d0b1a8530b959bd12c2074dc6e883e1eda8207
-Signed-off-by: Kamil Dudka <kdudka@redhat.com>
----
- include/libssh2.h | 12 ------------
- src/libssh2_priv.h | 12 ++++++++++++
- 2 files changed, 12 insertions(+), 12 deletions(-)
-
-diff --git a/include/libssh2.h b/include/libssh2.h
-index e25c380..34d2842 100644
---- a/include/libssh2.h
-+++ b/include/libssh2.h
-@@ -145,18 +145,6 @@ typedef int libssh2_socket_t;
- #define LIBSSH2_INVALID_SOCKET -1
- #endif /* WIN32 */
-
--#ifndef SIZE_MAX
--#if _WIN64
--#define SIZE_MAX 0xFFFFFFFFFFFFFFFF
--#else
--#define SIZE_MAX 0xFFFFFFFF
--#endif
--#endif
--
--#ifndef UINT_MAX
--#define UINT_MAX 0xFFFFFFFF
--#endif
--
- /*
- * Determine whether there is small or large file support on windows.
- */
-diff --git a/src/libssh2_priv.h b/src/libssh2_priv.h
-index b4296a2..bb5d1a5 100644
---- a/src/libssh2_priv.h
-+++ b/src/libssh2_priv.h
-@@ -146,6 +146,18 @@ static inline int writev(int sock, struct iovec *iov, int nvecs)
-
- #endif
-
-+#ifndef SIZE_MAX
-+#if _WIN64
-+#define SIZE_MAX 0xFFFFFFFFFFFFFFFF
-+#else
-+#define SIZE_MAX 0xFFFFFFFF
-+#endif
-+#endif
-+
-+#ifndef UINT_MAX
-+#define UINT_MAX 0xFFFFFFFF
-+#endif
-+
- /* RFC4253 section 6.1 Maximum Packet Length says:
- *
- * "All implementations MUST be able to process packets with
---
-2.17.2
-