main/libssh: fix CVE-2020-16135

2026-05-05 20:36:40 +02:00 · 2020-09-11 01:14:24 -03:00 · 2020-09-11 01:14:24 -03:00 · 877a2f9d6c
commit 877a2f9d6c
parent b9aebdae9a
2 changed files with 49 additions and 3 deletions
--- a/main/libssh/APKBUILD
+++ b/main/libssh/APKBUILD
@ -2,7 +2,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=libssh
 pkgver=0.8.9
-pkgrel=0
+pkgrel=1
 pkgdesc="Library for accessing ssh client services through C libraries"
 url="http://www.libssh.org/"
 arch="all"
@ -11,10 +11,14 @@ makedepends="zlib-dev openssl-dev cmake doxygen"
 subpackages="$pkgname-dev"
 options="!check"
 source="https://www.libssh.org/files/${pkgver%.*}/libssh-$pkgver.tar.xz
-	fix-includes.patch"
+	fix-includes.patch
+	CVE-2020-16135.patch
+	"
 builddir="$srcdir"/$pkgname-$pkgver

 # secfixes:
+#   0.8.9-r1:
+#     - CVE-2020-16135
 #   0.8.9-r0:
 #     - CVE-2020-1730
 #   0.8.8-r0:
@ -37,4 +41,5 @@ package() {
 }

 sha512sums="86ad3cfe2e494a8cb63fa4dd959b84ecc3eec5bf4935ec6b9028c2c3ddcb6c824e8fed491ea78ee6735b646cf5127befe6c781922430988d6ff137623ec403d7  libssh-0.8.9.tar.xz
-055a8f6b97c65384a5a3ab8fe00c69d94cc30092fe926093dbbc122ce301fbe9d76127aa07b5e6107d7fa9dd2aad6b165fa0958b56520253b5d64428ff42a318  fix-includes.patch"
+055a8f6b97c65384a5a3ab8fe00c69d94cc30092fe926093dbbc122ce301fbe9d76127aa07b5e6107d7fa9dd2aad6b165fa0958b56520253b5d64428ff42a318  fix-includes.patch
+a916193b138f72f3ba7a0a7fe72ebd3815462994d4632b191b0b7f0e35ce25d28eb39ca3681b2ba6a924b5345a0c5fdce32f92d250e368f437d27383b1bd499a  CVE-2020-16135.patch"
--- a/main/libssh/CVE-2020-16135.patch
+++ b/main/libssh/CVE-2020-16135.patch
@ -0,0 +1,41 @@
+From 0a9268a60f2d3748ca69bde5651f20e72761058c Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@cryptomilk.org>
+Date: Wed, 3 Jun 2020 10:04:09 +0200
+Subject: CVE-2020-16135: Add missing NULL check for ssh_buffer_new()
+
+Add a missing NULL check for the pointer returned by ssh_buffer_new() in
+sftpserver.c.
+
+Thanks to Ramin Farajpour Cami for spotting this.
+
+Fixes T232
+
+Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
+Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
+Reviewed-by: Jakub Jelen <jjelen@redhat.com>
+(cherry picked from commit 533d881b0f4b24c72b35ecc97fa35d295d063e53)
+---
+ src/sftpserver.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/sftpserver.c b/src/sftpserver.c
+index 1717aa41..1af8a0e7 100644
+--- a/src/sftpserver.c
+++ b/src/sftpserver.c
+@@ -64,6 +64,12 @@ sftp_client_message sftp_get_client_message(sftp_session sftp) {
+ 
+   /* take a copy of the whole packet */
+   msg->complete_message = ssh_buffer_new();
+  if (msg->complete_message == NULL) {
+      ssh_set_error_oom(session);
+      sftp_client_message_free(msg);
+      return NULL;
+  }
+
+   ssh_buffer_add_data(msg->complete_message,
+                       ssh_buffer_get(payload),
+                       ssh_buffer_get_len(payload));
+-- 
+cgit v1.2.1
+
+