libssh/SOURCES/libssh-0.9.4-fix-cve-2020-16135.patch

diff -up libssh-0.9.4/src/buffer.c.fix-cve-2020-16135 libssh-0.9.4/src/buffer.c
--- libssh-0.9.4/src/buffer.c.fix-cve-2020-16135	2021-04-21 10:27:53.562473773 +0200
+++ libssh-0.9.4/src/buffer.c	2021-04-21 10:29:21.768165663 +0200
@@ -299,6 +299,10 @@ int ssh_buffer_reinit(struct ssh_buffer_
  */
 int ssh_buffer_add_data(struct ssh_buffer_struct *buffer, const void *data, uint32_t len)
 {
+  if (buffer == NULL) {
+      return -1;
+  }
+
   buffer_verify(buffer);
 
   if (data == NULL) {
diff -up libssh-0.9.4/src/sftpserver.c.fix-cve-2020-16135 libssh-0.9.4/src/sftpserver.c
--- libssh-0.9.4/src/sftpserver.c.fix-cve-2020-16135	2021-04-21 10:30:43.864796642 +0200
+++ libssh-0.9.4/src/sftpserver.c	2021-04-21 10:41:52.166933113 +0200
@@ -67,9 +67,20 @@ sftp_client_message sftp_get_client_mess
 
   /* take a copy of the whole packet */
   msg->complete_message = ssh_buffer_new();
-  ssh_buffer_add_data(msg->complete_message,
-                      ssh_buffer_get(payload),
-                      ssh_buffer_get_len(payload));
+  if (msg->complete_message == NULL) {
+      ssh_set_error_oom(session);
+      sftp_client_message_free(msg);
+      return NULL;
+  }
+
+  rc = ssh_buffer_add_data(msg->complete_message,
+                           ssh_buffer_get(payload),
+                           ssh_buffer_get_len(payload));
+  if (rc < 0) {
+      ssh_set_error_oom(session);
+      sftp_client_message_free(msg);
+      return NULL;
+  }
 
   ssh_buffer_get_u32(payload, &msg->id);
import libssh-0.9.4-3.el8 2021-10-06 11:14:43 +00:00			`diff -up libssh-0.9.4/src/buffer.c.fix-cve-2020-16135 libssh-0.9.4/src/buffer.c`
			`--- libssh-0.9.4/src/buffer.c.fix-cve-2020-16135 2021-04-21 10:27:53.562473773 +0200`
			`+++ libssh-0.9.4/src/buffer.c 2021-04-21 10:29:21.768165663 +0200`
			`@@ -299,6 +299,10 @@ int ssh_buffer_reinit(struct ssh_buffer_`
			`*/`
			`int ssh_buffer_add_data(struct ssh_buffer_struct buffer, const void data, uint32_t len)`
			`{`
			`+ if (buffer == NULL) {`
			`+ return -1;`
			`+ }`
			`+`
			`buffer_verify(buffer);`

			`if (data == NULL) {`
			`diff -up libssh-0.9.4/src/sftpserver.c.fix-cve-2020-16135 libssh-0.9.4/src/sftpserver.c`
			`--- libssh-0.9.4/src/sftpserver.c.fix-cve-2020-16135 2021-04-21 10:30:43.864796642 +0200`
			`+++ libssh-0.9.4/src/sftpserver.c 2021-04-21 10:41:52.166933113 +0200`
			`@@ -67,9 +67,20 @@ sftp_client_message sftp_get_client_mess`

			`/* take a copy of the whole packet */`
			`msg->complete_message = ssh_buffer_new();`
			`- ssh_buffer_add_data(msg->complete_message,`
			`- ssh_buffer_get(payload),`
			`- ssh_buffer_get_len(payload));`
			`+ if (msg->complete_message == NULL) {`
			`+ ssh_set_error_oom(session);`
			`+ sftp_client_message_free(msg);`
			`+ return NULL;`
			`+ }`
			`+`
			`+ rc = ssh_buffer_add_data(msg->complete_message,`
			`+ ssh_buffer_get(payload),`
			`+ ssh_buffer_get_len(payload));`
			`+ if (rc < 0) {`
			`+ ssh_set_error_oom(session);`
			`+ sftp_client_message_free(msg);`
			`+ return NULL;`
			`+ }`

			`ssh_buffer_get_u32(payload, &msg->id);`