File libssh2_org-CVE-2019-3858.patch of Package libssh2_org.13039

commit c98dcf4bdb1f4c2000ab6ef19173c35f04e0148b
Author: Michael Buckley <michael@panic.com>
Date:   Tue Dec 4 13:10:41 2018 -0800

    Prevent zero-byte allocation in sftp_packet_read() which could lead to an out-of-bounds read.

diff --git src/sftp.c src/sftp.c
index 7c44116..65cef85 100644
--- src/sftp.c
+++ src/sftp.c
@@ -345,6 +345,10 @@ sftp_packet_read(LIBSSH2_SFTP *sftp)
                 return _libssh2_error(session,
                                       LIBSSH2_ERROR_CHANNEL_PACKET_EXCEEDED,
                                       "SFTP packet too large");
+            if (sftp->partial_len == 0)
+                return _libssh2_error(session,
+                                      LIBSSH2_ERROR_ALLOC,
+                                      "Unable to allocate empty SFTP packet");
 
             _libssh2_debug(session, LIBSSH2_TRACE_SFTP,
                            "Data begin - Packet Length: %lu",