summaryrefslogtreecommitdiffstats
path: root/0004-libssh2-1.8.0-CVE-2019-3858.patch
diff options
context:
space:
mode:
Diffstat (limited to '0004-libssh2-1.8.0-CVE-2019-3858.patch')
-rw-r--r--0004-libssh2-1.8.0-CVE-2019-3858.patch30
1 files changed, 0 insertions, 30 deletions
diff --git a/0004-libssh2-1.8.0-CVE-2019-3858.patch b/0004-libssh2-1.8.0-CVE-2019-3858.patch
deleted file mode 100644
index 04914c5..0000000
--- a/0004-libssh2-1.8.0-CVE-2019-3858.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From f06cf3a20dc3f54b7a9fc8127eb7719462caab39 Mon Sep 17 00:00:00 2001
-From: Kamil Dudka <kdudka@redhat.com>
-Date: Tue, 19 Mar 2019 13:32:05 +0100
-Subject: [PATCH] Resolves: CVE-2019-3858 - fix zero-byte allocation
-
-... with a specially crafted SFTP packet leading to an out-of-bounds read
-
-Upstream-Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3858.patch
----
- src/sftp.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/src/sftp.c b/src/sftp.c
-index 7c44116..65cef85 100644
---- a/src/sftp.c
-+++ b/src/sftp.c
-@@ -345,6 +345,10 @@ sftp_packet_read(LIBSSH2_SFTP *sftp)
- return _libssh2_error(session,
- LIBSSH2_ERROR_CHANNEL_PACKET_EXCEEDED,
- "SFTP packet too large");
-+ if (sftp->partial_len == 0)
-+ return _libssh2_error(session,
-+ LIBSSH2_ERROR_ALLOC,
-+ "Unable to allocate empty SFTP packet");
-
- _libssh2_debug(session, LIBSSH2_TRACE_SFTP,
- "Data begin - Packet Length: %lu",
---
-2.17.2
-