Overview

File libssh-CVE-2025-4878-2.patch of Package libssh.39450

From 8dc29f140be33b34e6e4a0c228bdce18eb610441 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Mon, 28 Apr 2025 11:04:55 +0200
Subject: CVE-2025-4878 legacy: Properly check return value to avoid NULL
 pointer dereference

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
---
 src/legacy.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/legacy.c b/src/legacy.c
index 6ba5c624..65a47d6e 100644
--- a/src/legacy.c
+++ b/src/legacy.c
@@ -441,7 +441,7 @@ ssh_private_key privatekey_from_file(ssh_session session,
                                      auth_fn,
                                      auth_data,
                                      &key);
-    if (rc == SSH_ERROR) {
+    if (rc != SSH_OK) {
         return NULL;
     }
 
-- 
cgit v1.2.3
openSUSE Build Service is sponsored by
Places