Upgrade libssh2

JuliaLang · Feb 10, 2022 · 07ce113 · 07ce113
1 parent 4522435
commit 07ce113
Show file tree

Hide file tree

Showing 5 changed files with 40 additions and 2 deletions.
diff --git a/deps/checksums/libssh2-635caa90787220ac3773c1d5ba11f1236c22eae8.tar.gz/md5 b/deps/checksums/libssh2-635caa90787220ac3773c1d5ba11f1236c22eae8.tar.gz/md5
@@ -0,0 +1 @@
+d0b060310da22a245fc488a300288198
diff --git a/deps/checksums/libssh2-635caa90787220ac3773c1d5ba11f1236c22eae8.tar.gz/sha512 b/deps/checksums/libssh2-635caa90787220ac3773c1d5ba11f1236c22eae8.tar.gz/sha512
@@ -0,0 +1 @@
+17770f8de4f081840e765d6f7842d562e20f46972fb53a15e3c9e10421f3654a559c5dd1dfbafd7b4a0e5205d800e848b9c9c26ec1d8fc0d229d5070b6d19463
diff --git a/deps/libssh2.mk b/deps/libssh2.mk
@@ -28,6 +28,12 @@ ifeq ($(LIBSSH2_ENABLE_TESTS), 0)
 LIBSSH2_OPTS += -DBUILD_TESTING=OFF
 endif
 
+
+$(BUILDDIR)/$(LIBSSH2_SRC_DIR)/deps/patches/libssh2-userauth-check.patch-applied: $(SRCCACHE)/$(LIBSSH2_SRC_DIR)/source-extracted
+	cd $(LIBSSH2_SRC_DIR) && \
+		patch -p1 -f < $(SRCDIR)/patches/libssh2-userauth-check.patch
+	echo 1 > $@
+
 $(BUILDDIR)/$(LIBSSH2_SRC_DIR)/build-configured: $(SRCCACHE)/$(LIBSSH2_SRC_DIR)/source-extracted
 	mkdir -p $(dir $@)
 	cd $(dir $@) && \

diff --git a/deps/libssh2.version b/deps/libssh2.version
@@ -1,2 +1,2 @@
-LIBSSH2_BRANCH=libssh2-1.9.0
-LIBSSH2_SHA1=42d37aa63129a1b2644bf6495198923534322d64
+LIBSSH2_BRANCH=libssh2-1.10.0
+LIBSSH2_SHA1=2d64e90f3ded394b91d3a2e774ca203a4179f69aebee03003e5a6fa621e41d51
diff --git a/deps/patches/libssh2-userauth-check.patch b/deps/patches/libssh2-userauth-check.patch
@@ -0,0 +1,30 @@
+From 37ee0aa214655b63e7869d1d74ff1ec9f9818a5e Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <[email protected]>
+Date: Fri, 17 Dec 2021 17:46:29 +0100
+Subject: [PATCH] userauth: check for too large userauth_kybd_auth_name_len
+ (#650)
+
+... before using it.
+
+Reported-by: MarcoPoloPie
+Fixes #649
+---
+ src/userauth.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/userauth.c b/src/userauth.c
+index 40ef915..caa5635 100644
+--- a/src/userauth.c
++++ b/src/userauth.c
+@@ -1769,6 +1769,11 @@ userauth_keyboard_interactive(LIBSSH2_SESSION * session,
+             if(session->userauth_kybd_data_len >= 5) {
+                 /* string    name (ISO-10646 UTF-8) */
+                 session->userauth_kybd_auth_name_len = _libssh2_ntohu32(s);
++                if(session->userauth_kybd_auth_name_len >
++                   session->userauth_kybd_data_len - 5)
++                    return _libssh2_error(session,
++                                          LIBSSH2_ERROR_OUT_OF_BOUNDARY,
++                                          "Bad keyboard auth name");
+                 s += 4;
+             }
+             else {
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		17770f8de4f081840e765d6f7842d562e20f46972fb53a15e3c9e10421f3654a559c5dd1dfbafd7b4a0e5205d800e848b9c9c26ec1d8fc0d229d5070b6d19463