Fix double free in ssh connection handling (#1700114)
This commit is contained in:
Pavel Zhukov
parent
8d6af79dc1
commit
1b18eb7583
28
nmap-ssh_nse_crash.patch
Normal file
28
nmap-ssh_nse_crash.patch
Normal file
@ -0,0 +1,28 @@
|
||||
From 350bbe0597d37ad67abe5fef8fba984707b4e9ad Mon Sep 17 00:00:00 2001
|
||||
From: dmiller <dmiller@e0a8ed71-7df4-0310-8962-fdc924857419>
|
||||
Date: Thu, 29 Nov 2018 17:42:09 +0000
|
||||
Subject: [PATCH] Avoid a crash (double-free) when SSH connection fails
|
||||
|
||||
---
|
||||
nse_libssh2.cc | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/nse_libssh2.cc b/nse_libssh2.cc
|
||||
index 6a18c0c85b..983f83dbdb 100644
|
||||
@@ -295,6 +294,7 @@ static int do_session_handshake (lua_State *L, int status, lua_KContext ctx) {
|
||||
|
||||
if (rc) {
|
||||
libssh2_session_free(sshu->session);
|
||||
+ sshu->session = NULL;
|
||||
return luaL_error(L, "Unable to complete libssh2 handshake.");
|
||||
}
|
||||
|
||||
@@ -478,7 +478,7 @@ static int userauth_list (lua_State *L, int status, lua_KContext ctx) {
|
||||
}
|
||||
|
||||
/*
|
||||
-* Returns list of supported authenication methods
|
||||
+* Returns list of supported authentication methods
|
||||
*/
|
||||
static int l_userauth_list (lua_State *L) {
|
||||
return userauth_list(L, 0, 0);
|
||||
@ -13,7 +13,7 @@ Name: nmap
|
||||
Epoch: 2
|
||||
Version: 7.70
|
||||
#global prerelease TEST5
|
||||
Release: 6%{?dist}
|
||||
Release: 7%{?dist}
|
||||
# Uses combination of licenses based on GPL license, but with extra modification
|
||||
# so it got its own license tag rhbz#1055861
|
||||
License: Nmap
|
||||
@ -36,6 +36,7 @@ Patch5: ncat_reg_stdin.diff
|
||||
Patch6: nmap-6.25-displayerror.patch
|
||||
|
||||
Patch7: nmap-ipv6_literal_proxy.patch
|
||||
Patch8: nmap-ssh_nse_crash.patch
|
||||
|
||||
URL: http://nmap.org/
|
||||
BuildRequires: gcc-c++
|
||||
@ -110,6 +111,7 @@ uses.
|
||||
%patch5 -p1 -b .ncat_reg_stdin
|
||||
%patch6 -p1 -b .displayerror
|
||||
%patch7 -p1 -b .ipv6-literal
|
||||
%patch8 -p1 -b .nse-ssh-auth
|
||||
|
||||
#be sure we're not using tarballed copies of some libraries
|
||||
#rm -rf liblua libpcap libpcre macosx mswin32 ###TODO###
|
||||
@ -243,6 +245,9 @@ popd
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Thu May 2 2019 Pavel Zhukov <pzhukov@redhat.com> - 2:7.70-7
|
||||
- Fix double free when ssh connections fails
|
||||
|
||||
* Tue Feb 5 2019 Pavel Zhukov <pzhukov@redhat.com> - 2:7.70-6
|
||||
- Fix ipv6 literals parsing in proxy connection
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user