author | Leo <thinkabit.ukim@gmail.com> | 2020-09-11 01:14:24 -0300 |
---|---|---|
committer | Leo <thinkabit.ukim@gmail.com> | 2020-09-11 01:24:55 -0300 |
commit | 877a2f9d6c5208ca001dbb2bdcf7dcb31450abea (patch) | |
tree | dd1bb20da882167d2b8267d5f5f330e2a16fbc1d | |
parent | b9aebdae9aa486d822c99355f3e0cb43a247ee75 (diff) |
main/libssh: fix CVE-2020-16135
-rw-r--r-- | main/libssh/APKBUILD | 11 | ||||
-rw-r--r-- | main/libssh/CVE-2020-16135.patch | 41 |
2 files changed, 49 insertions, 3 deletions
diff --git a/main/libssh/APKBUILD b/main/libssh/APKBUILD
index 9f87f6b616b..60b08dceb43 100644
--- a/main/libssh/APKBUILD
+++ b/main/libssh/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=libssh
 pkgver=0.8.9
-pkgrel=0
+pkgrel=1
 pkgdesc="Library for accessing ssh client services through C libraries"
 url="http://www.libssh.org/"
 arch="all"
@@ -11,10 +11,14 @@ makedepends="zlib-dev openssl-dev cmake doxygen"
 subpackages="$pkgname-dev"
 options="!check"
 source="https://www.libssh.org/files/${pkgver%.*}/libssh-$pkgver.tar.xz
- fix-includes.patch"
+ fix-includes.patch
+ CVE-2020-16135.patch
+ "
 builddir="$srcdir"/$pkgname-$pkgver
 # secfixes:
+# 0.8.9-r1:
+# - CVE-2020-16135
 # 0.8.9-r0:
 # - CVE-2020-1730
 # 0.8.8-r0:
@@ -37,4 +41,5 @@ package() {
 }
 sha512sums="86ad3cfe2e494a8cb63fa4dd959b84ecc3eec5bf4935ec6b9028c2c3ddcb6c824e8fed491ea78ee6735b646cf5127befe6c781922430988d6ff137623ec403d7 libssh-0.8.9.tar.xz
-055a8f6b97c65384a5a3ab8fe00c69d94cc30092fe926093dbbc122ce301fbe9d76127aa07b5e6107d7fa9dd2aad6b165fa0958b56520253b5d64428ff42a318 fix-includes.patch"
+055a8f6b97c65384a5a3ab8fe00c69d94cc30092fe926093dbbc122ce301fbe9d76127aa07b5e6107d7fa9dd2aad6b165fa0958b56520253b5d64428ff42a318 fix-includes.patch
+a916193b138f72f3ba7a0a7fe72ebd3815462994d4632b191b0b7f0e35ce25d28eb39ca3681b2ba6a924b5345a0c5fdce32f92d250e368f437d27383b1bd499a CVE-2020-16135.patch"
diff --git a/main/libssh/CVE-2020-16135.patch b/main/libssh/CVE-2020-16135.patch
new file mode 100644
index 00000000000..d88c062d850
--- /dev/null
+++ b/main/libssh/CVE-2020-16135.patch
@@ -0,0 +1,41 @@
+From 0a9268a60f2d3748ca69bde5651f20e72761058c Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@cryptomilk.org>
+Date: Wed, 3 Jun 2020 10:04:09 +0200
+Subject: CVE-2020-16135: Add missing NULL check for ssh_buffer_new()
+
+Add a missing NULL check for the pointer returned by ssh_buffer_new() in
+sftpserver.c.
+
+Thanks to Ramin Farajpour Cami for spotting this.
+
+Fixes T232
+
+Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
+Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
+Reviewed-by: Jakub Jelen <jjelen@redhat.com>
+(cherry picked from commit 533d881b0f4b24c72b35ecc97fa35d295d063e53)
+---
+ src/sftpserver.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/sftpserver.c b/src/sftpserver.c
+index 1717aa41..1af8a0e7 100644
+--- a/src/sftpserver.c
++++ b/src/sftpserver.c
+@@ -64,6 +64,12 @@ sftp_client_message sftp_get_client_message(sftp_session sftp) {
+
+ /* take a copy of the whole packet */
+ msg->complete_message = ssh_buffer_new();
++ if (msg->complete_message == NULL) {
++ ssh_set_error_oom(session);
++ sftp_client_message_free(msg);
++ return NULL;
++ }
++
+ ssh_buffer_add_data(msg->complete_message,
+ ssh_buffer_get(payload),
+ ssh_buffer_get_len(payload));
+--
+cgit v1.2.1
+
+
|
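Review bot: In the sftpserver.c hunk carried by CVE-2020-16135.patch, the `ssh_buffer_add_data()` call right after the new NULL check still discards its return value. A failed copy of the payload into `msg->complete_message` would go unnoticed, and the function would presumably carry on with an incomplete message. The call could take the same error path as the new check, as sketched below. Because this file is a cherry-pick of an upstream commit, the follow-up is better raised with libssh upstream than patched only in this package. `sftp_get_client_message()` starts and ends outside the hunk, so `session` and `payload` are assumed to be declared earlier in the function.

```c
    /* … unchanged: ssh_buffer_new() call and its NULL check … */
    if (ssh_buffer_add_data(msg->complete_message,
                            ssh_buffer_get(payload),
                            ssh_buffer_get_len(payload)) < 0) {
        ssh_set_error_oom(session);
        sftp_client_message_free(msg);
        return NULL;
    }
```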