- New upstream release 1.8.1
- Fixed possible integer overflow when reading a specially crafted packet (CVE-2019-3855)
- Fixed possible integer overflow in userauth_keyboard_interactive with a number of extremely long prompt strings (CVE-2019-3863)
- Fixed possible integer overflow if the server sent an extremely large number of keyboard prompts (CVE-2019-3856)
- Fixed possible out of bounds read when processing a specially crafted packet (CVE-2019-3861)
- Fixed possible integer overflow when receiving a specially crafted exit signal message channel packet (CVE-2019-3857)
- Fixed possible out of bounds read when receiving a specially crafted exit status message channel packet (CVE-2019-3862)
- Fixed possible zero byte allocation when reading a specially crafted SFTP packet (CVE-2019-3858)
- Fixed possible out of bounds reads when processing specially crafted SFTP packets (CVE-2019-3860)
- Fixed possible out of bounds reads in _libssh2_packet_require(v) (CVE-2019-3859)
- Fix mis-applied patch in the fix of CVE-2019-3859
- https://github.com/libssh2/libssh2/issues/325
- https://github.com/libssh2/libssh2/pull/327
parent
ab0e53ac52
commit
7dfb17d3cb
@ -0,0 +1,50 @@
|
|||||||
|
From 74ecd0e10ced2237f32d273784ef8eaf553b9c30 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Will Cosgrove <will@panic.com>
|
||||||
|
Date: Mon, 18 Mar 2019 17:36:04 -0700
|
||||||
|
Subject: [PATCH] Fixed misapplied patch
|
||||||
|
|
||||||
|
Fixes for user auth
|
||||||
|
---
|
||||||
|
src/userauth.c | 8 ++++----
|
||||||
|
1 file changed, 4 insertions(+), 4 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/userauth.c b/src/userauth.c
|
||||||
|
index ed804629..c02d81d0 100644
|
||||||
|
--- a/src/userauth.c
|
||||||
|
+++ b/src/userauth.c
|
||||||
|
@@ -107,7 +107,7 @@ static char *userauth_list(LIBSSH2_SESSION *session, const char *username,
|
||||||
|
LIBSSH2_FREE(session, session->userauth_list_data);
|
||||||
|
session->userauth_list_data = NULL;
|
||||||
|
|
||||||
|
- if (rc || (session->userauth_list_data_len < 1)) {
|
||||||
|
+ if (rc) {
|
||||||
|
_libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND,
|
||||||
|
"Unable to send userauth-none request");
|
||||||
|
session->userauth_list_state = libssh2_NB_state_idle;
|
||||||
|
@@ -127,7 +127,7 @@ static char *userauth_list(LIBSSH2_SESSION *session, const char *username,
|
||||||
|
_libssh2_error(session, LIBSSH2_ERROR_EAGAIN,
|
||||||
|
"Would block requesting userauth list");
|
||||||
|
return NULL;
|
||||||
|
- } else if (rc) {
|
||||||
|
+ } else if (rc || (session->userauth_list_data_len < 1)) {
|
||||||
|
_libssh2_error(session, rc, "Failed getting response");
|
||||||
|
session->userauth_list_state = libssh2_NB_state_idle;
|
||||||
|
return NULL;
|
||||||
|
@@ -1172,7 +1172,7 @@ _libssh2_userauth_publickey(LIBSSH2_SESSION *session,
|
||||||
|
NULL, 0);
|
||||||
|
if (rc == LIBSSH2_ERROR_EAGAIN)
|
||||||
|
return _libssh2_error(session, LIBSSH2_ERROR_EAGAIN, "Would block");
|
||||||
|
- else if (rc || (session->userauth_pblc_data_len < 1)) {
|
||||||
|
+ else if (rc) {
|
||||||
|
LIBSSH2_FREE(session, session->userauth_pblc_packet);
|
||||||
|
session->userauth_pblc_packet = NULL;
|
||||||
|
LIBSSH2_FREE(session, session->userauth_pblc_method);
|
||||||
|
@@ -1195,7 +1195,7 @@ _libssh2_userauth_publickey(LIBSSH2_SESSION *session,
|
||||||
|
if (rc == LIBSSH2_ERROR_EAGAIN) {
|
||||||
|
return _libssh2_error(session, LIBSSH2_ERROR_EAGAIN, "Would block");
|
||||||
|
}
|
||||||
|
- else if (rc) {
|
||||||
|
+ else if (rc || (session->userauth_pblc_data_len < 1)) {
|
||||||
|
LIBSSH2_FREE(session, session->userauth_pblc_packet);
|
||||||
|
session->userauth_pblc_packet = NULL;
|
||||||
|
LIBSSH2_FREE(session, session->userauth_pblc_method);
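Review bot: In the relocated check `} else if (rc || (session->userauth_list_data_len < 1)) {` (the `@@ -127,7 +127,7 @@` hunk of the embedded src/userauth.c patch), a zero-length reply reaches `_libssh2_error(session, rc, "Failed getting response")` with `rc == 0`, so userauth_list returns NULL while the error code handed to the session is 0. A caller that inspects the session's last error after a NULL return would then be unable to tell a malformed server reply from a non-error outcome. Passing an explicit code when only the length test trips would close that gap, e.g. `_libssh2_error(session, rc ? rc : LIBSSH2_ERROR_PROTO, "Failed getting response");`. The branch moved in the `@@ -1195,7 +1195,7 @@` hunk deserves the same look, but its error reporting lies outside the visible lines; both userauth_list and _libssh2_userauth_publickey start and end outside these hunks.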
|