rpms/libssh
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import libssh-0.9.4-3.el8

Browse Source
This commit is contained in:
CentOS Sources 2021-10-06 07:14:43 -04:00 committed by Stepan Oksanichenko
parent 4f9d93effb
commit 6442aaae0e
2 changed files with 47 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
SOURCES/libssh-0.9.4-fix-cve-2020-16135.patch Normal file
View File

@ -0,0 +1,41 @@
diff -up libssh-0.9.4/src/buffer.c.fix-cve-2020-16135 libssh-0.9.4/src/buffer.c
--- libssh-0.9.4/src/buffer.c.fix-cve-2020-16135 2021-04-21 10:27:53.562473773 +0200
+++ libssh-0.9.4/src/buffer.c 2021-04-21 10:29:21.768165663 +0200
@@ -299,6 +299,10 @@ int ssh_buffer_reinit(struct ssh_buffer_
*/
int ssh_buffer_add_data(struct ssh_buffer_struct *buffer, const void *data, uint32_t len)
{
+ if (buffer == NULL) {
+ return -1;
+ }
+
buffer_verify(buffer);
if (data == NULL) {
diff -up libssh-0.9.4/src/sftpserver.c.fix-cve-2020-16135 libssh-0.9.4/src/sftpserver.c
--- libssh-0.9.4/src/sftpserver.c.fix-cve-2020-16135 2021-04-21 10:30:43.864796642 +0200
+++ libssh-0.9.4/src/sftpserver.c 2021-04-21 10:41:52.166933113 +0200
@@ -67,9 +67,20 @@ sftp_client_message sftp_get_client_mess
/* take a copy of the whole packet */
msg->complete_message = ssh_buffer_new();
- ssh_buffer_add_data(msg->complete_message,
- ssh_buffer_get(payload),
- ssh_buffer_get_len(payload));
+ if (msg->complete_message == NULL) {
+ ssh_set_error_oom(session);
+ sftp_client_message_free(msg);
+ return NULL;
+ }
+
+ rc = ssh_buffer_add_data(msg->complete_message,
+ ssh_buffer_get(payload),
+ ssh_buffer_get_len(payload));
+ if (rc < 0) {
+ ssh_set_error_oom(session);
+ sftp_client_message_free(msg);
+ return NULL;
+ }
ssh_buffer_get_u32(payload, &msg->id);

7
SPECS/libssh.spec
View File

@ -1,6 +1,6 @@
Name: libssh Name: libssh
Version: 0.9.4 Version: 0.9.4
Release: 2%{?dist} Release: 3%{?dist}
Summary: A library implementing the SSH protocol Summary: A library implementing the SSH protocol
License: LGPLv2+ License: LGPLv2+
URL: http://www.libssh.org URL: http://www.libssh.org
@ -16,6 +16,7 @@ Patch1: libssh-0.9.4-fix-version.patch
Patch2: libssh-0.9.4-do-not-return-error-server-closed-channel.patch Patch2: libssh-0.9.4-do-not-return-error-server-closed-channel.patch
Patch3: libssh-0.9.4-add-cve-2019-14889-test.patch Patch3: libssh-0.9.4-add-cve-2019-14889-test.patch
Patch4: libssh-0.9.4-do-not-parse-config-during-tests.patch Patch4: libssh-0.9.4-do-not-parse-config-during-tests.patch
Patch5: libssh-0.9.4-fix-cve-2020-16135.patch
BuildRequires: cmake BuildRequires: cmake
BuildRequires: doxygen BuildRequires: doxygen
@ -135,6 +136,10 @@ popd
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/libssh/libssh_server.config %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/libssh/libssh_server.config
%changelog %changelog
* Wed Apr 21 2021 Sahana Prasad <sahana@redhat.com> - 0.9.4-3
- Fix CVE-2020-16135 NULL pointer dereference in sftpserver.c if
ssh_buffer_new returns NULL (#1862646)
* Wed Jun 24 2020 Anderson Sasaki <ansasaki@redhat.com> - 0.9.4-2 * Wed Jun 24 2020 Anderson Sasaki <ansasaki@redhat.com> - 0.9.4-2
- Do not return error when server properly closed the channel (#1849071) - Do not return error when server properly closed the channel (#1849071)
- Add a test for CVE-2019-14889 - Add a test for CVE-2019-14889