From 2c66aa8e4ec5b4bfc80f991bb2b3069b108b6121 Mon Sep 17 00:00:00 2001
From: Remi Collet
Date: Tue, 2 Mar 2021 11:01:02 +0100
Subject: import from RHEL 7.7
---
0004-libssh2-1.8.0-CVE-2019-3858.patch | 30 ++++++++++++++++++++++++++++++
1 file changed, 30 insertions(+)
create mode 100644 0004-libssh2-1.8.0-CVE-2019-3858.patch
(limited to '0004-libssh2-1.8.0-CVE-2019-3858.patch')
diff --git a/0004-libssh2-1.8.0-CVE-2019-3858.patch b/0004-libssh2-1.8.0-CVE-2019-3858.patch
new file mode 100644
index 0000000..04914c5
--- /dev/null
+++ b/0004-libssh2-1.8.0-CVE-2019-3858.patch
@@ -0,0 +1,30 @@
+From f06cf3a20dc3f54b7a9fc8127eb7719462caab39 Mon Sep 17 00:00:00 2001
+From: Kamil Dudka
+Date: Tue, 19 Mar 2019 13:32:05 +0100
+Subject: [PATCH] Resolves: CVE-2019-3858 - fix zero-byte allocation
+
+... with a specially crafted SFTP packet leading to an out-of-bounds read
+
+Upstream-Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3858.patch
+---
+ src/sftp.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/sftp.c b/src/sftp.c
+index 7c44116..65cef85 100644
+--- a/src/sftp.c
++++ b/src/sftp.c
+@@ -345,6 +345,10 @@ sftp_packet_read(LIBSSH2_SFTP *sftp)
+ return _libssh2_error(session,
+ LIBSSH2_ERROR_CHANNEL_PACKET_EXCEEDED,
+ "SFTP packet too large");
++ if (sftp->partial_len == 0)
++ return _libssh2_error(session,
++ LIBSSH2_ERROR_ALLOC,
++ "Unable to allocate empty SFTP packet");
+
+ _libssh2_debug(session, LIBSSH2_TRACE_SFTP,
+ "Data begin - Packet Length: %lu",
+--
+2.17.2
+
-- cgit
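Review bot: The added `sftp->partial_len == 0` guard reports a zero length supplied by the peer as `LIBSSH2_ERROR_ALLOC`, so in caller logs a malformed or hostile server response looks the same as local memory exhaustion. Because the patch cites an upstream source, I would leave the code as imported and record the intent in a comment above the check, for example `/* zero length is peer-controlled; reject it before the packet buffer is sized from it */`, updating the inner hunk's line counts to match. The new `if` is unbraced like the size check before it, which is easy to break when the patch is rebased. `sftp_packet_read` starts and ends outside the inner hunk, so it cannot be confirmed from here whether any partial-read state should be reset on this early return.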