Upstream-Status: Backport from https://git.libssh.org/projects/libssh.git/patch/?id=0a9268a60f2d3748ca69bde5651f20e72761058c
Signed-off-by: Hitendra Prajapati <hprajap...@mvista.com> --- .../libssh/libssh/CVE-2020-16135.patch | 44 +++++++++++++++++++ .../recipes-support/libssh/libssh_0.8.9.bb | 4 +- 2 files changed, 47 insertions(+), 1 deletion(-) create mode 100644 meta-oe/recipes-support/libssh/libssh/CVE-2020-16135.patch diff --git a/meta-oe/recipes-support/libssh/libssh/CVE-2020-16135.patch b/meta-oe/recipes-support/libssh/libssh/CVE-2020-16135.patch new file mode 100644 index 0000000000..63b78688dd --- /dev/null +++ b/meta-oe/recipes-support/libssh/libssh/CVE-2020-16135.patch @@ -0,0 +1,44 @@ +From 0a9268a60f2d3748ca69bde5651f20e72761058c Mon Sep 17 00:00:00 2001 +From: Andreas Schneider <a...@cryptomilk.org> +Date: Wed, 3 Jun 2020 10:04:09 +0200 +Subject: CVE-2020-16135: Add missing NULL check for ssh_buffer_new() + +Add a missing NULL check for the pointer returned by ssh_buffer_new() in +sftpserver.c. + +Thanks to Ramin Farajpour Cami for spotting this. + +Fixes T232 + +Signed-off-by: Andreas Schneider <a...@cryptomilk.org> +Reviewed-by: Anderson Toshiyuki Sasaki <ansas...@redhat.com> +Reviewed-by: Jakub Jelen <jje...@redhat.com> +(cherry picked from commit 533d881b0f4b24c72b35ecc97fa35d295d063e53) + +Upstream-Status: Backport [https://git.libssh.org/projects/libssh.git/patch/?id=0a9268a60f2d3748ca69bde5651f20e72761058c] +CVE: CVE-2020-16135 +Signed-off-by: Hitendra Prajapati <hprajap...@mvista.com> +--- + src/sftpserver.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/src/sftpserver.c b/src/sftpserver.c +index 1717aa417..1af8a0e76 100644 +--- a/src/sftpserver.c ++++ b/src/sftpserver.c +@@ -64,6 +64,12 @@ sftp_client_message sftp_get_client_message(sftp_session sftp) { + + /* take a copy of the whole packet */ + msg->complete_message = ssh_buffer_new(); ++ if (msg->complete_message == NULL) { ++ ssh_set_error_oom(session); ++ sftp_client_message_free(msg); ++ return NULL; ++ } ++ + ssh_buffer_add_data(msg->complete_message, + ssh_buffer_get(payload), + ssh_buffer_get_len(payload)); +-- +2.25.1 + diff --git a/meta-oe/recipes-support/libssh/libssh_0.8.9.bb b/meta-oe/recipes-support/libssh/libssh_0.8.9.bb index c7e9c3320c..061f13912f 100644 --- a/meta-oe/recipes-support/libssh/libssh_0.8.9.bb +++ b/meta-oe/recipes-support/libssh/libssh_0.8.9.bb @@ -6,7 +6,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=dabb4958b830e5df11d2b0ed8ea255a0" DEPENDS = "zlib openssl" -SRC_URI = "git://git.libssh.org/projects/libssh.git;protocol=https;branch=stable-0.8" +SRC_URI = "git://git.libssh.org/projects/libssh.git;protocol=https;branch=stable-0.8 \ + file://CVE-2020-16135.patch \ + " SRCREV = "04685a74df9ce1db1bc116a83a0da78b4f4fa1f8" S = "${WORKDIR}/git" -- 2.25.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#103622): https://lists.openembedded.org/g/openembedded-devel/message/103622 Mute This Topic: https://lists.openembedded.org/mt/99825506/21656 Group Owner: openembedded-devel+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-