Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:15.5:Update
libssh2_org.13039
libssh2_org-CVE-2019-3857.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File libssh2_org-CVE-2019-3857.patch of Package libssh2_org.13039
commit 63ee1c6ec984c38013ac4630d7935505ba8c1630 Author: Will Cosgrove <will@panic.com> Date: Mon Mar 4 15:12:26 2019 -0800 fixed integer overflow in userauth_keyboard_interactive diff --git include/libssh2.h include/libssh2.h index 9ef9ff1..f4bae24 100644 --- include/libssh2.h +++ include/libssh2.h @@ -145,6 +145,18 @@ typedef int libssh2_socket_t; #define LIBSSH2_INVALID_SOCKET -1 #endif /* WIN32 */ +#ifndef SIZE_MAX +#if _WIN64 +#define SIZE_MAX 0xFFFFFFFFFFFFFFFF +#else +#define SIZE_MAX 0xFFFFFFFF +#endif +#endif + +#ifndef UINT_MAX +#define UINT_MAX 0xFFFFFFFF +#endif + /* * Determine whether there is small or large file support on windows. */ commit 50a0e34bdcd892e67e97e936e23773c24d71bc10 Author: Will Cosgrove <will@panic.com> Date: Mon Mar 4 11:05:43 2019 -0800 fixed possible out zero byte/incorrect bounds allocation diff --git src/packet.c src/packet.c index 5f1feb8..98a013d 100644 --- src/packet.c +++ src/packet.c @@ -815,8 +815,15 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data, /* set signal name (without SIG prefix) */ uint32_t namelen = _libssh2_ntohu32(data + 9 + sizeof("exit-signal")); - channelp->exit_signal = - LIBSSH2_ALLOC(session, namelen + 1); + + if(namelen <= UINT_MAX - 1) { + channelp->exit_signal = + LIBSSH2_ALLOC(session, namelen + 1); + } + else { + channelp->exit_signal = NULL; + } + if (!channelp->exit_signal) rc = _libssh2_error(session, LIBSSH2_ERROR_ALLOC, "memory for signal name");
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
