| -rw-r--r-- | meta-oe/recipes-support/libssh/libssh/CVE-2020-16135.patch | 44 | ||||
| -rw-r--r-- | meta-oe/recipes-support/libssh/libssh_0.8.9.bb | 4 |
2 files changed, 47 insertions, 1 deletions
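--- /dev/null
+++ b/meta-oe/recipes-support/libssh/libssh/CVE-2020-16135.patch
@@ -0,0 +1,44 @@
+From 0a9268a60f2d3748ca69bde5651f20e72761058c Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@cryptomilk.org>
+Date: Wed, 3 Jun 2020 10:04:09 +0200
+Subject: CVE-2020-16135: Add missing NULL check for ssh_buffer_new()
+
+Add a missing NULL check for the pointer returned by ssh_buffer_new() in
+sftpserver.c.
+
+Thanks to Ramin Farajpour Cami for spotting this.
+
+Fixes T232
+
+Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
+Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
+Reviewed-by: Jakub Jelen <jjelen@redhat.com>
+(cherry picked from commit 533d881b0f4b24c72b35ecc97fa35d295d063e53)
+
+Upstream-Status: Backport [https://git.libssh.org/projects/libssh.git/patch/?id=0a9268a60f2d3748ca69bde5651f20e72761058c]
+CVE: CVE-2020-16135
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+src/sftpserver.c | 6 ++++++
+1 file changed, 6 insertions(+)
+
+diff --git a/src/sftpserver.c b/src/sftpserver.c
+index 1717aa417..1af8a0e76 100644
+--- a/src/sftpserver.c
++++ b/src/sftpserver.c
+@@ -64,6 +64,12 @@ sftp_client_message sftp_get_client_message(sftp_session sftp) {
+
+/* take a copy of the whole packet */
+msg->complete_message = ssh_buffer_new();
++ if (msg->complete_message == NULL) {
++ ssh_set_error_oom(session);
++ sftp_client_message_free(msg);
++ return NULL;
++ }
++
+ssh_buffer_add_data(msg->complete_message,
+ssh_buffer_get(payload),
+ssh_buffer_get_len(payload));
+--
+2.25.1
+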
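Review bot: The `ssh_buffer_add_data()` call right after the new NULL check still has its result discarded, so a failed copy is not detected even though the allocation itself is now checked. In libssh that function returns a negative value when it cannot grow the buffer, which would leave `msg->complete_message` empty or short while `sftp_get_client_message()` carries on as if it held the whole packet. The same out-of-memory cleanup that the patch adds for `ssh_buffer_new()` would fit here. Because this is a backport, that is better carried as a separate follow-up patch than folded into this one. The function body starts and continues outside the hunk, so whether a later check exists cannot be confirmed from this page.

```c
/* … unchanged: ssh_buffer_new() and its NULL check … */
if (ssh_buffer_add_data(msg->complete_message,
                        ssh_buffer_get(payload),
                        ssh_buffer_get_len(payload)) < 0) {
    ssh_set_error_oom(session);
    sftp_client_message_free(msg);
    return NULL;
}
```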
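--- a/meta-oe/recipes-support/libssh/libssh_0.8.9.bb
+++ b/meta-oe/recipes-support/libssh/libssh_0.8.9.bb
@@ -6,7 +6,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=dabb4958b830e5df11d2b0ed8ea255a0"
 
 DEPENDS = "zlib openssl"
 
-SRC_URI = "git://git.libssh.org/projects/libssh.git;protocol=https;branch=stable-0.8"
+SRC_URI = "git://git.libssh.org/projects/libssh.git;protocol=https;branch=stable-0.8 \
+file://CVE-2020-16135.patch \
+"
 SRCREV = "04685a74df9ce1db1bc116a83a0da78b4f4fa1f8"
 
 S = "${WORKDIR}/git"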
