From 1582dc453e7ca61bf4d0f48f2482782fc1dfd54b Mon Sep 17 00:00:00 2001 From: Jacek Migacz Date: Tue, 28 Nov 2023 11:17:05 +0100 Subject: [PATCH] Cap SFTP packet size sent Resolves: RHEL-14697 --- 0035-curl-7.76.1-64K-sftp.patch | 31 +++++++++++++++++++++++++++++++ curl.spec | 5 +++++ 2 files changed, 36 insertions(+) create mode 100644 0035-curl-7.76.1-64K-sftp.patch diff --git a/0035-curl-7.76.1-64K-sftp.patch b/0035-curl-7.76.1-64K-sftp.patch new file mode 100644 index 0000000..59e1248 --- /dev/null +++ b/0035-curl-7.76.1-64K-sftp.patch @@ -0,0 +1,31 @@ +From 35eb2614d86316ba9f5a6806ce64f56680fa1e97 Mon Sep 17 00:00:00 2001 +From: Jakub Jelen +Date: Tue, 5 Sep 2023 17:33:41 +0200 +Subject: [PATCH] libssh: cap SFTP packet size sent + +Due to libssh limitations + +Signed-off-by: Jakub Jelen + +Closes #11804 +--- + lib/vssh/libssh.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/lib/vssh/libssh.c b/lib/vssh/libssh.c +index dea0084575859b..7c6a2e53f338fa 100644 +--- a/lib/vssh/libssh.c ++++ b/lib/vssh/libssh.c +@@ -2567,6 +2567,12 @@ static ssize_t sftp_send(struct Curl_easy *data, int sockindex, + struct connectdata *conn = data->conn; + (void)sockindex; + ++ /* limit the writes to the maximum specified in Section 3 of ++ * https://datatracker.ietf.org/doc/html/draft-ietf-secsh-filexfer-02 ++ */ ++ if(len > 32768) ++ len = 32768; ++ + nwrite = sftp_write(conn->proto.sshc.sftp_file, mem, len); + + myssh_block2waitfor(conn, FALSE); diff --git a/curl.spec b/curl.spec index b12d56d..616e88c 100644 --- a/curl.spec +++ b/curl.spec @@ -104,6 +104,9 @@ Patch33: 0033-curl-7.76.1-CVE-2023-38545.patch # fix cookie injection with none file (CVE-2023-38546) Patch34: 0034-curl-7.76.1-CVE-2023-38546.patch +# cap SFTP packet size sent (RHEL-14697) +Patch35: 0035-curl-7.76.1-64K-sftp.patch + # patch making libcurl multilib ready Patch101: 0101-curl-7.32.0-multilib.patch @@ -312,6 +315,7 @@ be installed. %patch32 -p1 %patch33 -p1 %patch34 -p1 +%patch35 -p1 # Fedora patches %patch101 -p1 @@ -540,6 +544,7 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la * Tue Oct 10 2023 Jacek Migacz - 7.76.1-28 - return error if hostname too long for remote resolve (CVE-2023-38545) - fix cookie injection with none file (CVE-2023-38546) +- cap SFTP packet size sent (RHEL-14697) * Tue Sep 12 2023 Jacek Migacz - 7.76.1-27 - when keyboard-interactive auth fails, try password (#2229800)