Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:Update
libssh2_org.10632
libssh2_org-CVE-2019-3861.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File libssh2_org-CVE-2019-3861.patch of Package libssh2_org.10632
commit b6525c924313f6127287edc945a3a787f9aff158 Author: Michael Buckley <michael@panic.com> Date: Tue Dec 4 12:44:26 2018 -0800 Sanitize padding_length - _libssh2_transport_read(). This prevents an underflow resulting in a potential out-of-bounds read if a server sends a too-large padding_length, possibly with malicious intent. Index: src/transport.c =================================================================== --- src/transport.c.orig +++ src/transport.c @@ -438,6 +438,9 @@ int _libssh2_transport_read(LIBSSH2_SESS return LIBSSH2_ERROR_DECRYPT; p->padding_length = block[4]; + if ( p->padding_length > p->packet_length - 1 ) { + return LIBSSH2_ERROR_DECRYPT; + } if(p->packet_length < 1) { return LIBSSH2_ERROR_DECRYPT; }
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor