Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:42.1:Update
libssh2_org.5027
CVE-2016-0787.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2016-0787.patch of Package libssh2_org.5027
From 8a453a7b0f1e667b7369eb73b00843a8decdecc9 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg <daniel@haxx.se> Date: Thu, 11 Feb 2016 13:52:20 +0100 Subject: [PATCH] diffie_hellman_sha256: convert bytes to bits As otherwise we get far too small numbers. CVE-2016-0787 --- src/kex.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Index: libssh2-1.4.3/src/kex.c =================================================================== --- libssh2-1.4.3.orig/src/kex.c 2016-02-22 17:28:48.097485068 +0100 +++ libssh2-1.4.3/src/kex.c 2016-02-22 17:28:48.104485180 +0100 @@ -103,7 +103,7 @@ static int diffie_hellman_sha1(LIBSSH2_S memset(&exchange_state->req_state, 0, sizeof(packet_require_state_t)); /* Generate x and e */ - _libssh2_bn_rand(exchange_state->x, group_order, 0, -1); + _libssh2_bn_rand(exchange_state->x, group_order * 8 - 1, 0, -1); _libssh2_bn_mod_exp(exchange_state->e, g, exchange_state->x, p, exchange_state->ctx);
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
