1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19
|
Description: Out-of-bounds reads with specially crafted SSH packets
Origin: upstream, https://libssh2.org/1.8.0-CVE/CVE-2019-3861.patch
Bug-Debian: https://bugs.debian.org/924965
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-3861
Forwarded: not-needed
Last-Update: 2019-03-30
--- a/src/transport.c
+++ b/src/transport.c
@@ -438,6 +438,9 @@ int _libssh2_transport_read(LIBSSH2_SESS
return LIBSSH2_ERROR_DECRYPT;
p->padding_length = block[4];
+ if ( p->padding_length > p->packet_length - 1 ) {
+ return LIBSSH2_ERROR_DECRYPT;
+ }
if(p->packet_length < 1) {
return LIBSSH2_ERROR_DECRYPT;
}
|