packages/erlang
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!40 Fix CVE-2025-26618

Browse Source 
From: @starlet-dx 
Reviewed-by: @lyn1001 
Signed-off-by: @lyn1001
This commit is contained in:
openeuler-ci-bot 2025-02-24 06:07:09 +00:00 committed by Gitee
commit 429341d889
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 94 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

89
CVE-2025-26618.patch Normal file
View File

@ -0,0 +1,89 @@
From 0ed2573cbd55c92e9125c9dc70fa1ca7fed82872 Mon Sep 17 00:00:00 2001
From: Jakub Witczak <kuba@erlang.org>
Date: Thu, 6 Feb 2025 19:00:44 +0100
Subject: [PATCH] ssh: sftp reject packets exceeding limit
Origin: https://github.com/erlang/otp/commit/0ed2573cbd55c92e9125c9dc70fa1ca7fed82872
---
lib/ssh/src/ssh_sftpd.erl | 47 ++++++++++++++++++++++++++-------------
1 file changed, 32 insertions(+), 15 deletions(-)
diff --git a/lib/ssh/src/ssh_sftpd.erl b/lib/ssh/src/ssh_sftpd.erl
index c86ed2cb8199..6bcad0d056e7 100644
--- a/lib/ssh/src/ssh_sftpd.erl
+++ b/lib/ssh/src/ssh_sftpd.erl
@@ -27,7 +27,7 @@
-behaviour(ssh_server_channel).
-include_lib("kernel/include/file.hrl").
-
+-include_lib("kernel/include/logger.hrl").
-include("ssh.hrl").
-include("ssh_xfer.hrl").
-include("ssh_connect.hrl"). %% For ?DEFAULT_PACKET_SIZE and ?DEFAULT_WINDOW_SIZE
@@ -128,9 +128,8 @@ init(Options) ->
%% Description: Handles channel messages
%%--------------------------------------------------------------------
handle_ssh_msg({ssh_cm, _ConnectionManager,
- {data, _ChannelId, Type, Data}}, State) ->
- State1 = handle_data(Type, Data, State),
- {ok, State1};
+ {data, ChannelId, Type, Data}}, State) ->
+ handle_data(Type, ChannelId, Data, State);
handle_ssh_msg({ssh_cm, _, {eof, ChannelId}}, State) ->
{stop, ChannelId, State};
@@ -187,24 +186,42 @@ terminate(_, #state{handles=Handles, file_handler=FileMod, file_state=FS}) ->
%%--------------------------------------------------------------------
%%% Internal functions
%%--------------------------------------------------------------------
-handle_data(0, <<?UINT32(Len), Msg:Len/binary, Rest/binary>>,
+handle_data(0, ChannelId, <<?UINT32(Len), Msg:Len/binary, Rest/binary>>,
State = #state{pending = <<>>}) ->
<<Op, ?UINT32(ReqId), Data/binary>> = Msg,
NewState = handle_op(Op, ReqId, Data, State),
case Rest of
<<>> ->
- NewState;
+ {ok, NewState};
_ ->
- handle_data(0, Rest, NewState)
+ handle_data(0, ChannelId, Rest, NewState)
end;
-
-handle_data(0, Data, State = #state{pending = <<>>}) ->
- State#state{pending = Data};
-
-handle_data(Type, Data, State = #state{pending = Pending}) ->
- handle_data(Type, <<Pending/binary, Data/binary>>,
- State#state{pending = <<>>}).
-
+handle_data(0, _ChannelId, Data, State = #state{pending = <<>>}) ->
+ {ok, State#state{pending = Data}};
+handle_data(Type, ChannelId, Data0, State = #state{pending = Pending}) ->
+ Data = <<Pending/binary, Data0/binary>>,
+ Size = byte_size(Data),
+ case Size > ?SSH_MAX_PACKET_SIZE of
+ true ->
+ ReportFun =
+ fun([S]) ->
+ Report =
+ #{label => {error_logger, error_report},
+ report =>
+ io_lib:format("SFTP packet size (~B) exceeds the limit!",
+ [S])},
+ Meta =
+ #{error_logger =>
+ #{tag => error_report,type => std_error},
+ report_cb => fun(#{report := Msg}) -> {Msg, []} end},
+ {Report, Meta}
+ end,
+ ?LOG_ERROR(ReportFun, [Size]),
+ {stop, ChannelId, State};
+ _ ->
+ handle_data(Type, ChannelId, Data, State#state{pending = <<>>})
+ end.
+
handle_op(?SSH_FXP_INIT, Version, B, State) when is_binary(B) ->
XF = State#state.xf,
Vsn = lists:min([XF#ssh_xfer.vsn, Version]),

6
erlang.spec
View File

@ -10,7 +10,7 @@
%global __with_sources 1 %global __with_sources 1
Name: erlang Name: erlang
Version: 25.3.2.6 Version: 25.3.2.6
Release: 3 Release: 4
Summary: General-purpose programming language and runtime environment Summary: General-purpose programming language and runtime environment
License: Apache-2.0 License: Apache-2.0
URL: https://www.erlang.org URL: https://www.erlang.org
@ -33,6 +33,7 @@ Patch10: otp-0010-configure.ac-C99-fix-for-ERTS___AFTER_MORECORE_HOO
Patch11: otp-0011-configure.ac-C99-fixes-for-poll_works-check.patch Patch11: otp-0011-configure.ac-C99-fixes-for-poll_works-check.patch
Patch12: otp-0012-Revert-Do-not-install-erlang-sources.patch Patch12: otp-0012-Revert-Do-not-install-erlang-sources.patch
Patch13: CVE-2023-48795.patch Patch13: CVE-2023-48795.patch
Patch14: CVE-2025-26618.patch
BuildRequires: gcc gcc-c++ flex make BuildRequires: gcc gcc-c++ flex make
%if %{with doc} %if %{with doc}
@ -1755,6 +1756,9 @@ useradd -r -g epmd -d /dev/null -s /sbin/nologin \
%endif %endif
%changelog %changelog
* Mon Feb 24 2025 yaoxin <1024769339@qq.com> - 25.3.2.6-4
- Fix CVE-2025-26618
* Wed May 15 2024 zhangzikang <zhangzikang@kylinos.cn> - 25.3.2.6-3 * Wed May 15 2024 zhangzikang <zhangzikang@kylinos.cn> - 25.3.2.6-3
- Fix build error for loongarch64 - Fix build error for loongarch64