File 0001-CVE-2012-4562-Fix-possible-integer-overflow-in-ssh_g.patch of Package libssh.openSUSE_12.1_Update

From 0b6d7c05c872e5d8e348e9fe2d9fb0340446fbeb Mon Sep 17 00:00:00 2001
From: Xi Wang <xi.wang@gmail.com>
Date: Fri, 25 Nov 2011 23:02:06 -0500
Subject: [PATCH 01/11] CVE-2012-4562: Fix possible integer overflow in
 ssh_get_hexa().

No exploit known, but it is better to check the string length.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit a64247daa4ae5c82bc283907fa9ea57923ad9540)
---
 src/dh.c |    4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/dh.c b/src/dh.c
index 30625db..e415b02 100644
--- a/src/dh.c
+++ b/src/dh.c
@@ -44,6 +44,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <limits.h>
 
 #ifndef _WIN32
 #include <arpa/inet.h>
@@ -193,6 +194,9 @@ char *ssh_get_hexa(const unsigned char *what, size_t len) {
   char *hexa = NULL;
   size_t i;
 
+  if (len > (UINT_MAX - 1) / 3)
+    return NULL;
+
   hexa = malloc(len * 3 + 1);
   if (hexa == NULL) {
     return NULL;
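Review bot: The new guard in ssh_get_hexa() bounds `len` with `UINT_MAX`, but `len` is a `size_t` and `len * 3 + 1` is evaluated in `size_t`, so the limit is expressed in a different type from the arithmetic it protects. Where `size_t` is wider than `unsigned int` this is only conservative (it rejects lengths that would not wrap), but it prevents the overflow only as long as `unsigned int` is no wider than `size_t`. Writing it as `if (len > (SIZE_MAX - 1) / 3) {`, with `#include <stdint.h>` instead of the `<limits.h>` include added in the first hunk, states the actual invariant. The guard also omits braces, while the `hexa == NULL` check directly below uses them. The function body continues past the end of the hunk, so whether callers need to tell this NULL apart from an allocation failure is not visible here.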
-- 
1.7.10.4
