File 0001-Fix-golang.org-x-crypto-CVE-2021-43565.patch of Package kubevirt.22268

From 4de8c1ddc652fe4df8e4336f9e84ed555f03b363 Mon Sep 17 00:00:00 2001
From: Vasiliy Ulyanov <vulyanov@suse.de>
Date: Wed, 22 Dec 2021 09:38:46 +0100
Subject: [PATCH] Fix golang.org/x/crypto (CVE-2021-43565)

Apply the upstream patch to the vendored dependency:
https://github.com/golang/crypto/commit/5770296d904e90f15f38f77dfc2e43fdf5efc083

This fixes a vulnerability in the golang.org/x/crypto/ssh package which
allowed unauthenticated clients to cause a panic in SSH servers.

Reference:
https://github.com/golang/go/issues/49932
https://github.com/golang/crypto/commit/5770296d904e90f15f38f77dfc2e43fdf5efc083
https://bugzilla.redhat.com/show_bug.cgi?id=2030787
https://bugzilla.suse.com/show_bug.cgi?id=1193930
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43565

Signed-off-by: Vasiliy Ulyanov <vulyanov@suse.de>
---
 vendor/golang.org/x/crypto/ssh/cipher.go | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/vendor/golang.org/x/crypto/ssh/cipher.go b/vendor/golang.org/x/crypto/ssh/cipher.go
index 8bd6b3daf..ccd82bc7a 100644
--- a/vendor/golang.org/x/crypto/ssh/cipher.go
+++ b/vendor/golang.org/x/crypto/ssh/cipher.go
@@ -394,6 +394,10 @@ func (c *gcmCipher) readCipherPacket(seqNum uint32, r io.Reader) ([]byte, error)
 	}
 	c.incIV()
 
+	if len(plain) == 0 {
+		return nil, errors.New("ssh: empty packet")
+	}
+
 	padding := plain[0]
 	if padding < 4 {
 		// padding is a byte, so it automatically satisfies
@@ -710,6 +714,10 @@ func (c *chacha20Poly1305Cipher) readCipherPacket(seqNum uint32, r io.Reader) ([
 	plain := c.buf[4:contentEnd]
 	s.XORKeyStream(plain, plain)
 
+	if len(plain) == 0 {
+		return nil, errors.New("ssh: empty packet")
+	}
+
 	padding := plain[0]
 	if padding < 4 {
 		// padding is a byte, so it automatically satisfies
-- 
2.34.1
