-rw-r--r--meta-oe/recipes-support/libssh/libssh/CVE-2020-16135.patch44
-rw-r--r--meta-oe/recipes-support/libssh/libssh_0.8.9.bb4
2 files changed, 47 insertions, 1 deletions
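diff --git a/meta-oe/recipes-support/libssh/libssh/CVE-2020-16135.patch b/meta-oe/recipes-support/libssh/libssh/CVE-2020-16135.patch
new file mode 100644
index 0000000000..63b78688dd
--- /dev/null
+++ b/meta-oe/recipes-support/libssh/libssh/CVE-2020-16135.patch
@@ -0,0 +1,44 @@
+From 0a9268a60f2d3748ca69bde5651f20e72761058c Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@cryptomilk.org>
+Date: Wed, 3 Jun 2020 10:04:09 +0200
+Subject: CVE-2020-16135: Add missing NULL check for ssh_buffer_new()
+
+Add a missing NULL check for the pointer returned by ssh_buffer_new() in
+sftpserver.c.
+
+Thanks to Ramin Farajpour Cami for spotting this.
+
+Fixes T232
+
+Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
+Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
+Reviewed-by: Jakub Jelen <jjelen@redhat.com>
+(cherry picked from commit 533d881b0f4b24c72b35ecc97fa35d295d063e53)
+
+Upstream-Status: Backport [https://git.libssh.org/projects/libssh.git/patch/?id=0a9268a60f2d3748ca69bde5651f20e72761058c]
+CVE: CVE-2020-16135
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ src/sftpserver.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/sftpserver.c b/src/sftpserver.c
+index 1717aa417..1af8a0e76 100644
+--- a/src/sftpserver.c
++++ b/src/sftpserver.c
+@@ -64,6 +64,12 @@ sftp_client_message sftp_get_client_message(sftp_session sftp) {
+
+ /* take a copy of the whole packet */
+ msg->complete_message = ssh_buffer_new();
++ if (msg->complete_message == NULL) {
++ ssh_set_error_oom(session);
++ sftp_client_message_free(msg);
++ return NULL;
++ }
++
+ ssh_buffer_add_data(msg->complete_message,
+ ssh_buffer_get(payload),
+ ssh_buffer_get_len(payload));
+--
+2.25.1
+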
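Review bot: The `ssh_buffer_add_data()` call right after the new NULL check (patch lines 39-41) still discards its return value, so an allocation failure while copying the payload would go unreported and `msg->complete_message` could be left without the packet data. The added guard covers only `ssh_buffer_new()`; the copy should get the same treatment, e.g. `if (rc < 0) { ssh_set_error_oom(session); sftp_client_message_free(msg); return NULL; }` on the call's result. The body of `sftp_get_client_message` starts and ends outside the hunk, so whether a suitable `rc` variable already exists there needs confirming. The recipe carries only this one commit for CVE-2020-16135, so it is also worth checking against the upstream stable branch whether follow-up commits belong to the same fix.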
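diff --git a/meta-oe/recipes-support/libssh/libssh_0.8.9.bb b/meta-oe/recipes-support/libssh/libssh_0.8.9.bb
index c7e9c3320c..061f13912f 100644
--- a/meta-oe/recipes-support/libssh/libssh_0.8.9.bb
+++ b/meta-oe/recipes-support/libssh/libssh_0.8.9.bb
@@ -6,7 +6,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=dabb4958b830e5df11d2b0ed8ea255a0"
 
 DEPENDS = "zlib openssl"
 
-SRC_URI = "git://git.libssh.org/projects/libssh.git;protocol=https;branch=stable-0.8"
+SRC_URI = "git://git.libssh.org/projects/libssh.git;protocol=https;branch=stable-0.8 \
+ file://CVE-2020-16135.patch \
+ "
 SRCREV = "04685a74df9ce1db1bc116a83a0da78b4f4fa1f8"
 
 S = "${WORKDIR}/git"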