Package: libssh2 / 1.8.0-2.1

CVE-2019-3858.patch Patch series | download
Description: Possible zero-byte allocation leading to an out-of-bounds read 
Origin: upstream, https://libssh2.org/1.8.0-CVE/CVE-2019-3858.patch
Bug-Debian: https://bugs.debian.org/924965
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-3858
Forwarded: not-needed
Last-Update: 2019-03-30

--- a/src/sftp.c
+++ b/src/sftp.c
@@ -345,6 +345,10 @@ sftp_packet_read(LIBSSH2_SFTP *sftp)
                 return _libssh2_error(session,
                                       LIBSSH2_ERROR_CHANNEL_PACKET_EXCEEDED,
                                       "SFTP packet too large");
+            if (sftp->partial_len == 0)
+                return _libssh2_error(session,
+                                      LIBSSH2_ERROR_ALLOC,
+                                      "Unable to allocate empty SFTP packet");
 
             _libssh2_debug(session, LIBSSH2_TRACE_SFTP,
                            "Data begin - Packet Length: %lu",
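Review bot: The added `if (sftp->partial_len == 0)` branch reports `LIBSSH2_ERROR_ALLOC` even though no allocation has been attempted at that point. The length appears to come from the peer's packet header (the parsing is outside the hunk), so an application or log reader cannot tell a malformed server packet from local memory exhaustion. A protocol-level code would make triage and detection easier, for example `LIBSSH2_ERROR_SFTP_PROTOCOL, "SFTP packet length is zero"`. The branch also deserves a one-line comment such as `/* a zero-length packet would yield a zero-byte buffer whose type byte is then read out of bounds */`. sftp_packet_read starts before and continues past this hunk, so whether lengths shorter than the fields read later also need rejecting cannot be judged from here.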