packages/openssh
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
openssh/CVE-2019-16905.patch
dogsheng 91beafa331 Package init
2019-12-25 16:00:14 +08:00

38 lines
1.2 KiB
Diff
Raw Blame History

From a546b17bbaeb12beac4c9aeed56f74a42b18a93a Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org" <djm@openbsd.org>
Date: Wed, 9 Oct 2019 00:02:57 +0000
Subject: [PATCH] upstream: fix integer overflow in XMSS private key parsing.
Reported by Adam Zabrocki via SecuriTeam's SSH program.
Note that this code is experimental and not compiled by default.
ok markus@
OpenBSD-Commit-ID: cd0361896d15e8a1bac495ac583ff065ffca2be1
---
sshkey-xmss.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/sshkey-xmss.c b/sshkey-xmss.c
index a29e33f39..9e5f5e475 100644
--- a/sshkey-xmss.c
+++ b/sshkey-xmss.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey-xmss.c,v 1.3 2018/07/09 21:59:10 markus Exp $ */
+/* $OpenBSD: sshkey-xmss.c,v 1.6 2019/10/09 00:02:57 djm Exp $ */
/*
* Copyright (c) 2017 Markus Friedl. All rights reserved.
*
@@ -977,7 +977,8 @@ sshkey_xmss_decrypt_state(const struct sshkey *k, struct sshbuf *encoded,
goto out;
}
/* check that an appropriate amount of auth data is present */
- if (sshbuf_len(encoded) < encrypted_len + authlen) {
+ if (sshbuf_len(encoded) < authlen ||
+ sshbuf_len(encoded) - authlen < encrypted_len) {
r = SSH_ERR_INVALID_FORMAT;
goto out;
}
Reference in New Issue View Git Blame Copy Permalink