Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:Update
libssh2_org
libssh2_org-CVE-2019-3858.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File libssh2_org-CVE-2019-3858.patch of Package libssh2_org
commit c98dcf4bdb1f4c2000ab6ef19173c35f04e0148b Author: Michael Buckley <michael@panic.com> Date: Tue Dec 4 13:10:41 2018 -0800 Prevent zero-byte allocation in sftp_packet_read() which could lead to an out-of-bounds read. diff --git src/sftp.c src/sftp.c index 7c44116..65cef85 100644 --- src/sftp.c +++ src/sftp.c @@ -345,6 +345,10 @@ sftp_packet_read(LIBSSH2_SFTP *sftp) return _libssh2_error(session, LIBSSH2_ERROR_CHANNEL_PACKET_EXCEEDED, "SFTP packet too large"); + if (sftp->partial_len == 0) + return _libssh2_error(session, + LIBSSH2_ERROR_ALLOC, + "Unable to allocate empty SFTP packet"); _libssh2_debug(session, LIBSSH2_TRACE_SFTP, "Data begin - Packet Length: %lu",
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
