Cap SFTP packet size sent

Resolves: RHEL-14697
This commit is contained in:
Jacek Migacz 2023-11-28 11:17:05 +01:00
parent 06c4d34bb1
commit 1582dc453e
2 changed files with 36 additions and 0 deletions

View File

@ -0,0 +1,31 @@
From 35eb2614d86316ba9f5a6806ce64f56680fa1e97 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Tue, 5 Sep 2023 17:33:41 +0200
Subject: [PATCH] libssh: cap SFTP packet size sent
Due to libssh limitations
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Closes #11804
---
lib/vssh/libssh.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/lib/vssh/libssh.c b/lib/vssh/libssh.c
index dea0084575859b..7c6a2e53f338fa 100644
--- a/lib/vssh/libssh.c
+++ b/lib/vssh/libssh.c
@@ -2567,6 +2567,12 @@ static ssize_t sftp_send(struct Curl_easy *data, int sockindex,
struct connectdata *conn = data->conn;
(void)sockindex;
+ /* limit the writes to the maximum specified in Section 3 of
+ * https://datatracker.ietf.org/doc/html/draft-ietf-secsh-filexfer-02
+ */
+ if(len > 32768)
+ len = 32768;
+
nwrite = sftp_write(conn->proto.sshc.sftp_file, mem, len);
myssh_block2waitfor(conn, FALSE);

View File

@ -104,6 +104,9 @@ Patch33: 0033-curl-7.76.1-CVE-2023-38545.patch
# fix cookie injection with none file (CVE-2023-38546) # fix cookie injection with none file (CVE-2023-38546)
Patch34: 0034-curl-7.76.1-CVE-2023-38546.patch Patch34: 0034-curl-7.76.1-CVE-2023-38546.patch
# cap SFTP packet size sent (RHEL-14697)
Patch35: 0035-curl-7.76.1-64K-sftp.patch
# patch making libcurl multilib ready # patch making libcurl multilib ready
Patch101: 0101-curl-7.32.0-multilib.patch Patch101: 0101-curl-7.32.0-multilib.patch
@ -312,6 +315,7 @@ be installed.
%patch32 -p1 %patch32 -p1
%patch33 -p1 %patch33 -p1
%patch34 -p1 %patch34 -p1
%patch35 -p1
# Fedora patches # Fedora patches
%patch101 -p1 %patch101 -p1
@ -540,6 +544,7 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
* Tue Oct 10 2023 Jacek Migacz <jmigacz@redhat.com> - 7.76.1-28 * Tue Oct 10 2023 Jacek Migacz <jmigacz@redhat.com> - 7.76.1-28
- return error if hostname too long for remote resolve (CVE-2023-38545) - return error if hostname too long for remote resolve (CVE-2023-38545)
- fix cookie injection with none file (CVE-2023-38546) - fix cookie injection with none file (CVE-2023-38546)
- cap SFTP packet size sent (RHEL-14697)
* Tue Sep 12 2023 Jacek Migacz <jmigacz@redhat.com> - 7.76.1-27 * Tue Sep 12 2023 Jacek Migacz <jmigacz@redhat.com> - 7.76.1-27
- when keyboard-interactive auth fails, try password (#2229800) - when keyboard-interactive auth fails, try password (#2229800)