!3 fix CVE-2020-1730

Merge pull request !3 from Vchanger/master
2020-04-17 18:15:51 +08:00 · 2020-04-17 18:15:51 +08:00 · 74a7f229cc
commit 74a7f229cc
parent 70e0e00fbf 4dd87339c8
2 changed files with 44 additions and 1 deletions
--- a/CVE-2020-1730.patch
+++ b/CVE-2020-1730.patch
@ -0,0 +1,36 @@
+From 26a8b6535159e3f7fb4a6204373b195f09e3bc20 Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@cryptomilk.org>
+Date: Tue, 11 Feb 2020 11:52:33 +0100
+Subject: [PATCH] CVE-2020-1730: Fix a possible segfault when zeroing AES-CTR
+ key
+
+Fixes T213
+
+Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
+Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
+---
+ src/libcrypto.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/src/libcrypto.c b/src/libcrypto.c
+index b24a18f..2d692cd 100644
+--- a/src/libcrypto.c
+++ b/src/libcrypto.c
+@@ -638,8 +638,12 @@ static void aes_ctr_encrypt(struct ssh_cipher_struct *cipher, void *in, void *ou
+ }
+ 
+ static void aes_ctr_cleanup(struct ssh_cipher_struct *cipher){
+-    explicit_bzero(cipher->aes_key, sizeof(*cipher->aes_key));
+-    SAFE_FREE(cipher->aes_key);
+    if (cipher != NULL) {
+        if (cipher->aes_key != NULL) {
+            explicit_bzero(cipher->aes_key, sizeof(*cipher->aes_key));
+        }
+        SAFE_FREE(cipher->aes_key);
+    }
+ }
+ 
+ #endif /* HAVE_OPENSSL_EVP_AES_CTR */
+-- 
+1.8.3.1
+
--- a/libssh.spec
+++ b/libssh.spec
@ -1,6 +1,6 @@
 Name:           libssh
 Version:        0.8.3
-Release:        7
+Release:        8
 Summary:        A library implementing the SSH protocol
 License:        LGPLv2+
 URL:            https://www.libssh.org
@ -25,6 +25,7 @@ Patch6009:      0002-CVE-2019-14889.patch
 Patch6010:      0003-CVE-2019-14889.patch
 Patch6011:      0004-CVE-2019-14889.patch
 Patch6012:      0005-CVE-2019-14889.patch
+Patch6013:      CVE-2020-1730.patch

 BuildRequires:  cmake libcmocka-devel krb5-devel zlib-devel pkgconfig
 BuildRequires:  doxygen gcc-c++ gnupg2 openssl-devel
@ -107,6 +108,12 @@ popd
 %doc README ChangeLog obj/doc/html

 %changelog
+* Fri Apr 17 2020 openEuler Buildteam <buildteam@openeuler.org> - 0.8.3-8
+- Type:cves
+- ID:CVE-2020-1730
+- SUG:NA
+- DESC:fix CVE-2020-1730
+
 * Sun Jan 12 2020 openEuler Buildteam <buildteam@openeuler.org> - 0.8.3-7
 - Type:bugfix
 - Id:NA