diff options
author | V3n3RiX <venerix@redcorelinux.org> | 2020-04-25 11:37:10 +0100 |
---|---|---|
committer | V3n3RiX <venerix@redcorelinux.org> | 2020-04-25 11:37:10 +0100 |
commit | 38423c67c8a23f6a1bc42038193182e2da3116eb (patch) | |
tree | 04e2cf4bd43601b77daa79fe654e409187093c5e /net-misc/openssh/files/openssh-8.0_p1-fix-an-unreachable-integer-overflow-similar-to-the-XMSS-case.patch | |
parent | 623ee73d661e5ed8475cb264511f683407d87365 (diff) |
gentoo resync : 25.04.2020
Diffstat (limited to 'net-misc/openssh/files/openssh-8.0_p1-fix-an-unreachable-integer-overflow-similar-to-the-XMSS-case.patch')
-rw-r--r-- | net-misc/openssh/files/openssh-8.0_p1-fix-an-unreachable-integer-overflow-similar-to-the-XMSS-case.patch | 76 |
1 files changed, 0 insertions, 76 deletions
diff --git a/net-misc/openssh/files/openssh-8.0_p1-fix-an-unreachable-integer-overflow-similar-to-the-XMSS-case.patch b/net-misc/openssh/files/openssh-8.0_p1-fix-an-unreachable-integer-overflow-similar-to-the-XMSS-case.patch deleted file mode 100644 index bffc591ef667..000000000000 --- a/net-misc/openssh/files/openssh-8.0_p1-fix-an-unreachable-integer-overflow-similar-to-the-XMSS-case.patch +++ /dev/null @@ -1,76 +0,0 @@ -https://github.com/openssh/openssh-portable/commit/29e0ecd9b4eb3b9f305e2240351f0c59cad9ef81 - ---- a/sshkey.c -+++ b/sshkey.c -@@ -3209,6 +3209,10 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp) - if ((r = sshkey_froms(buf, &k)) != 0 || - (r = sshbuf_get_bignum2(buf, &dsa_priv_key)) != 0) - goto out; -+ if (k->type != type) { -+ r = SSH_ERR_INVALID_FORMAT; -+ goto out; -+ } - if (!DSA_set0_key(k->dsa, NULL, dsa_priv_key)) { - r = SSH_ERR_LIBCRYPTO_ERROR; - goto out; -@@ -3252,6 +3256,11 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp) - if ((r = sshkey_froms(buf, &k)) != 0 || - (r = sshbuf_get_bignum2(buf, &exponent)) != 0) - goto out; -+ if (k->type != type || -+ k->ecdsa_nid != sshkey_ecdsa_nid_from_name(tname)) { -+ r = SSH_ERR_INVALID_FORMAT; -+ goto out; -+ } - if (EC_KEY_set_private_key(k->ecdsa, exponent) != 1) { - r = SSH_ERR_LIBCRYPTO_ERROR; - goto out; -@@ -3296,6 +3305,10 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp) - (r = sshbuf_get_bignum2(buf, &rsa_p)) != 0 || - (r = sshbuf_get_bignum2(buf, &rsa_q)) != 0) - goto out; -+ if (k->type != type) { -+ r = SSH_ERR_INVALID_FORMAT; -+ goto out; -+ } - if (!RSA_set0_key(k->rsa, NULL, NULL, rsa_d)) { - r = SSH_ERR_LIBCRYPTO_ERROR; - goto out; -@@ -3333,13 +3346,17 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp) - (r = sshbuf_get_string(buf, &ed25519_pk, &pklen)) != 0 || - (r = sshbuf_get_string(buf, &ed25519_sk, &sklen)) != 0) - goto out; -+ if (k->type != type) { -+ r = SSH_ERR_INVALID_FORMAT; -+ goto out; -+ } - if (pklen != ED25519_PK_SZ || sklen != ED25519_SK_SZ) { - r = SSH_ERR_INVALID_FORMAT; - goto out; - } - k->ed25519_pk = ed25519_pk; - k->ed25519_sk = ed25519_sk; -- ed25519_pk = ed25519_sk = NULL; -+ ed25519_pk = ed25519_sk = NULL; /* transferred */ - break; - #ifdef WITH_XMSS - case KEY_XMSS: -@@ -3370,7 +3387,7 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp) - (r = sshbuf_get_string(buf, &xmss_pk, &pklen)) != 0 || - (r = sshbuf_get_string(buf, &xmss_sk, &sklen)) != 0) - goto out; -- if (strcmp(xmss_name, k->xmss_name)) { -+ if (k->type != type || strcmp(xmss_name, k->xmss_name) != 0) { - r = SSH_ERR_INVALID_FORMAT; - goto out; - } -@@ -3877,7 +3894,8 @@ sshkey_parse_private2(struct sshbuf *blob, int type, const char *passphrase, - } - - /* check that an appropriate amount of auth data is present */ -- if (sshbuf_len(decoded) < encrypted_len + authlen) { -+ if (sshbuf_len(decoded) < authlen || -+ sshbuf_len(decoded) - authlen < encrypted_len) { - r = SSH_ERR_INVALID_FORMAT; - goto out; - } |