authorSona Sarmadi <sona.sarmadi@enea.com>2016-03-03 10:58:35 +0100
committerNora Björklund <nora.bjorklund@enea.com>2016-03-07 14:34:49 +0100
commitf6f328f5d40e8d135fe1251ca13e2e521dd6aebf (patch)
treec3493b7d5e16867e7e27bf966e42678a9c9a94e1 /meta-oe/recipes-support/libssh2/files/CVE-2016-0787.patch
parenta75cee30877e48e44e72a2f2f7d319f3eac575c9 (diff)
libssh2: CVE-2016-0787dizzy-enea
bits/bytes confusion resulting in truncated Diffie-Hellman secret length Reference: https://www.libssh2.org/adv_20160223.html Reference to upstream patch: https://www.libssh2.org/CVE-2016-0787.patch Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Nora Björklund <nora.bjorklund@enea.com>
Diffstat (limited to 'meta-oe/recipes-support/libssh2/files/CVE-2016-0787.patch')
-rw-r--r--meta-oe/recipes-support/libssh2/files/CVE-2016-0787.patch36
1 files changed, 36 insertions, 0 deletions
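--- /dev/null
+++ b/meta-oe/recipes-support/libssh2/files/CVE-2016-0787.patch
@@ -0,0 +1,36 @@
+From 8a453a7b0f1e667b7369eb73b00843a8decdecc9 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Thu, 11 Feb 2016 13:52:20 +0100
+Subject: [PATCH] diffie_hellman_sha256: convert bytes to bits
+
+As otherwise we get far too small numbers.
+
+CVE-2016-0787
+Patch is from [https://www.libssh2.org/CVE-2016-0787.patch]
+
+Upstream-Status: Backport
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+ src/kex.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/kex.c b/src/kex.c
+index 6349457..e89b36c 100644
+--- a/src/kex.c
++++ b/src/kex.c
+@@ -751,11 +751,11 @@ static int diffie_hellman_sha256(LIBSSH2_SESSION *session,
+
+ /* Zero the whole thing out */
+ memset(&exchange_state->req_state, 0, sizeof(packet_require_state_t));
+
+ /* Generate x and e */
+- _libssh2_bn_rand(exchange_state->x, group_order, 0, -1);
++ _libssh2_bn_rand(exchange_state->x, group_order * 8 - 1, 0, -1);
+ _libssh2_bn_mod_exp(exchange_state->e, g, exchange_state->x, p,
+ exchange_state->ctx);
+
+ /* Send KEX init */
+ /* packet_type(1) + String Length(4) + leading 0(1) */
+--
+2.7.0
+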
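Review bot: The backported patch carries a single hunk, anchored at line 751 of `src/kex.c` under `diffie_hellman_sha256`, and nothing on this page shows whether the libssh2 version this recipe builds has that function at that position. If the older source has only a different key-exchange routine with the same context lines, `patch` may apply the hunk by offset, so the do_patch log should be checked for offset or fuzz and the patched call confirmed to be the intended one. After patching, `src/kex.c` should also be searched for any remaining `_libssh2_bn_rand(exchange_state->x, group_order, 0, -1);` call, since each one would still pass a byte count where the fix expects bits. The diffstat here is limited to the patch file, so the recipe's `SRC_URI` entry for `file://CVE-2016-0787.patch` is not visible and should be confirmed in the same commit.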