aboutsummaryrefslogtreecommitdiffstats
path: root/main/libssh/CVE-2020-16135.patch
diff options
context:
space:
mode:
Diffstat (limited to 'main/libssh/CVE-2020-16135.patch')
-rw-r--r--main/libssh/CVE-2020-16135.patch41
1 files changed, 41 insertions, 0 deletions
diff --git a/main/libssh/CVE-2020-16135.patch b/main/libssh/CVE-2020-16135.patch
new file mode 100644
index 0000000000..d88c062d85
--- /dev/null
+++ b/main/libssh/CVE-2020-16135.patch
@@ -0,0 +1,41 @@
+From 0a9268a60f2d3748ca69bde5651f20e72761058c Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@cryptomilk.org>
+Date: Wed, 3 Jun 2020 10:04:09 +0200
+Subject: CVE-2020-16135: Add missing NULL check for ssh_buffer_new()
+
+Add a missing NULL check for the pointer returned by ssh_buffer_new() in
+sftpserver.c.
+
+Thanks to Ramin Farajpour Cami for spotting this.
+
+Fixes T232
+
+Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
+Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
+Reviewed-by: Jakub Jelen <jjelen@redhat.com>
+(cherry picked from commit 533d881b0f4b24c72b35ecc97fa35d295d063e53)
+---
+ src/sftpserver.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/sftpserver.c b/src/sftpserver.c
+index 1717aa41..1af8a0e7 100644
+--- a/src/sftpserver.c
++++ b/src/sftpserver.c
+@@ -64,6 +64,12 @@ sftp_client_message sftp_get_client_message(sftp_session sftp) {
+
+ /* take a copy of the whole packet */
+ msg->complete_message = ssh_buffer_new();
++ if (msg->complete_message == NULL) {
++ ssh_set_error_oom(session);
++ sftp_client_message_free(msg);
++ return NULL;
++ }
++
+ ssh_buffer_add_data(msg->complete_message,
+ ssh_buffer_get(payload),
+ ssh_buffer_get_len(payload));
+--
+cgit v1.2.1
+
+