rpms/libssh
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix null dereference issues found by covscan

Browse Source 
Related: rhbz#2182252, rhbz#2189740

Signed-off-by: Norbert Pocs <npocs@redhat.com>
This commit is contained in:
Norbert Pocs 2023-05-22 12:53:18 +02:00
parent e3ddbe6a80
commit 18eec23532
2 changed files with 63 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

57
covscan23_1.patch Normal file
View File

@ -0,0 +1,57 @@
File ../libssh-0.10.4/.git is a regular file while file ./.git is a directory
diff --color -ru ../libssh-0.10.4/src/sftp.c ./src/sftp.c
--- ../libssh-0.10.4/src/sftp.c 2023-05-22 12:45:48.383509085 +0200
+++ ./src/sftp.c 2023-05-22 12:54:31.004037650 +0200
@@ -1755,6 +1755,10 @@
int sftp_close(sftp_file file){
int err = SSH_NO_ERROR;
+ if (file == NULL) {
+ return err;
+ }
+
SAFE_FREE(file->name);
if (file->handle){
err = sftp_handle_close(file->sftp,file->handle);
@@ -1917,7 +1921,7 @@
/* Read from a file using an opened sftp file handle. */
ssize_t sftp_read(sftp_file handle, void *buf, size_t count) {
- sftp_session sftp = handle->sftp;
+ sftp_session sftp;
sftp_message msg = NULL;
sftp_status_message status;
ssh_string datastring;
@@ -1926,6 +1930,11 @@
uint32_t id;
int rc;
+ if (handle == NULL) {
+ return -1;
+ }
+ sftp = handle->sftp;
+
if (handle->eof) {
return 0;
}
@@ -2147,7 +2156,7 @@
}
ssize_t sftp_write(sftp_file file, const void *buf, size_t count) {
- sftp_session sftp = file->sftp;
+ sftp_session sftp;
sftp_message msg = NULL;
sftp_status_message status;
ssh_buffer buffer;
@@ -2156,6 +2165,11 @@
size_t packetlen;
int rc;
+ if (file == NULL) {
+ return -1;
+ }
+ sftp = file->sftp;
+
buffer = ssh_buffer_new();
if (buffer == NULL) {
ssh_set_error_oom(sftp->session);

7
libssh.spec
View File

@ -1,6 +1,6 @@
Name: libssh Name: libssh
Version: 0.10.4 Version: 0.10.4
Release: 9%{?dist} Release: 10%{?dist}
Summary: A library implementing the SSH protocol Summary: A library implementing the SSH protocol
License: LGPLv2+ License: LGPLv2+
URL: http://www.libssh.org URL: http://www.libssh.org
@ -50,6 +50,7 @@ Patch8: null_dereference_rekey.patch
Patch9: auth_bypass.patch Patch9: auth_bypass.patch
Patch10: covscan23.patch Patch10: covscan23.patch
Patch11: rekey_test_fixup.patch Patch11: rekey_test_fixup.patch
Patch12: covscan23_1.patch
%description %description
The ssh library was designed to be used by programmers needing a working SSH The ssh library was designed to be used by programmers needing a working SSH
@ -142,6 +143,10 @@ popd
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/libssh/libssh_server.config %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/libssh/libssh_server.config
%changelog %changelog
* Mon May 22 2023 Norbert Pocs <npocs@redhat.com> - 0.10.4.10
- Fix null dereference issues found by covscan
- Related: rhbz#2182252, rhbz#2189740
* Wed May 10 2023 Norbert Pocs <npocs@redhat.com> - 0.10.4-9 * Wed May 10 2023 Norbert Pocs <npocs@redhat.com> - 0.10.4-9
- Fix CVE-2023-1667 and CVE-2023-2283 - Fix CVE-2023-1667 and CVE-2023-2283
- Fix issues found by cosvcan - Fix issues found by cosvcan