import libssh-0.9.4-3.el8
This commit is contained in:
parent
55575567a7
commit
49720ca34c
41
SOURCES/libssh-0.9.4-fix-cve-2020-16135.patch
Normal file
41
SOURCES/libssh-0.9.4-fix-cve-2020-16135.patch
Normal file
@ -0,0 +1,41 @@
|
|||||||
|
diff -up libssh-0.9.4/src/buffer.c.fix-cve-2020-16135 libssh-0.9.4/src/buffer.c
|
||||||
|
--- libssh-0.9.4/src/buffer.c.fix-cve-2020-16135 2021-04-21 10:27:53.562473773 +0200
|
||||||
|
+++ libssh-0.9.4/src/buffer.c 2021-04-21 10:29:21.768165663 +0200
|
||||||
|
@@ -299,6 +299,10 @@ int ssh_buffer_reinit(struct ssh_buffer_
|
||||||
|
*/
|
||||||
|
int ssh_buffer_add_data(struct ssh_buffer_struct *buffer, const void *data, uint32_t len)
|
||||||
|
{
|
||||||
|
+ if (buffer == NULL) {
|
||||||
|
+ return -1;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
buffer_verify(buffer);
|
||||||
|
|
||||||
|
if (data == NULL) {
|
||||||
|
diff -up libssh-0.9.4/src/sftpserver.c.fix-cve-2020-16135 libssh-0.9.4/src/sftpserver.c
|
||||||
|
--- libssh-0.9.4/src/sftpserver.c.fix-cve-2020-16135 2021-04-21 10:30:43.864796642 +0200
|
||||||
|
+++ libssh-0.9.4/src/sftpserver.c 2021-04-21 10:41:52.166933113 +0200
|
||||||
|
@@ -67,9 +67,20 @@ sftp_client_message sftp_get_client_mess
|
||||||
|
|
||||||
|
/* take a copy of the whole packet */
|
||||||
|
msg->complete_message = ssh_buffer_new();
|
||||||
|
- ssh_buffer_add_data(msg->complete_message,
|
||||||
|
- ssh_buffer_get(payload),
|
||||||
|
- ssh_buffer_get_len(payload));
|
||||||
|
+ if (msg->complete_message == NULL) {
|
||||||
|
+ ssh_set_error_oom(session);
|
||||||
|
+ sftp_client_message_free(msg);
|
||||||
|
+ return NULL;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ rc = ssh_buffer_add_data(msg->complete_message,
|
||||||
|
+ ssh_buffer_get(payload),
|
||||||
|
+ ssh_buffer_get_len(payload));
|
||||||
|
+ if (rc < 0) {
|
||||||
|
+ ssh_set_error_oom(session);
|
||||||
|
+ sftp_client_message_free(msg);
|
||||||
|
+ return NULL;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
ssh_buffer_get_u32(payload, &msg->id);
|
||||||
|
|
@ -1,6 +1,6 @@
|
|||||||
Name: libssh
|
Name: libssh
|
||||||
Version: 0.9.4
|
Version: 0.9.4
|
||||||
Release: 2%{?dist}
|
Release: 3%{?dist}
|
||||||
Summary: A library implementing the SSH protocol
|
Summary: A library implementing the SSH protocol
|
||||||
License: LGPLv2+
|
License: LGPLv2+
|
||||||
URL: http://www.libssh.org
|
URL: http://www.libssh.org
|
||||||
@ -16,6 +16,7 @@ Patch1: libssh-0.9.4-fix-version.patch
|
|||||||
Patch2: libssh-0.9.4-do-not-return-error-server-closed-channel.patch
|
Patch2: libssh-0.9.4-do-not-return-error-server-closed-channel.patch
|
||||||
Patch3: libssh-0.9.4-add-cve-2019-14889-test.patch
|
Patch3: libssh-0.9.4-add-cve-2019-14889-test.patch
|
||||||
Patch4: libssh-0.9.4-do-not-parse-config-during-tests.patch
|
Patch4: libssh-0.9.4-do-not-parse-config-during-tests.patch
|
||||||
|
Patch5: libssh-0.9.4-fix-cve-2020-16135.patch
|
||||||
|
|
||||||
BuildRequires: cmake
|
BuildRequires: cmake
|
||||||
BuildRequires: doxygen
|
BuildRequires: doxygen
|
||||||
@ -135,6 +136,10 @@ popd
|
|||||||
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/libssh/libssh_server.config
|
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/libssh/libssh_server.config
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Apr 21 2021 Sahana Prasad <sahana@redhat.com> - 0.9.4-3
|
||||||
|
- Fix CVE-2020-16135 NULL pointer dereference in sftpserver.c if
|
||||||
|
ssh_buffer_new returns NULL (#1862646)
|
||||||
|
|
||||||
* Wed Jun 24 2020 Anderson Sasaki <ansasaki@redhat.com> - 0.9.4-2
|
* Wed Jun 24 2020 Anderson Sasaki <ansasaki@redhat.com> - 0.9.4-2
|
||||||
- Do not return error when server properly closed the channel (#1849071)
|
- Do not return error when server properly closed the channel (#1849071)
|
||||||
- Add a test for CVE-2019-14889
|
- Add a test for CVE-2019-14889
|
||||||
|
Loading…
Reference in New Issue
Block a user