Package: libssh2 / 1.7.0-1+deb9u1

CVE-2019-3861.patch Patch series | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
Description: Out-of-bounds reads with specially crafted SSH packets
Origin: upstream, https://libssh2.org/1.8.0-CVE/CVE-2019-3861.patch
Bug-Debian: https://bugs.debian.org/924965
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-3861
Forwarded: not-needed
Last-Update: 2019-03-30

--- a/src/transport.c
+++ b/src/transport.c
@@ -438,6 +438,9 @@ int _libssh2_transport_read(LIBSSH2_SESS
                 return LIBSSH2_ERROR_DECRYPT;
 
             p->padding_length = block[4];
+            if ( p->padding_length > p->packet_length - 1 ) {
+                return LIBSSH2_ERROR_DECRYPT;
+            }
             if(p->packet_length < 1) {
                 return LIBSSH2_ERROR_DECRYPT;
             }