blob: f3d132e43dadf8a13fb9a8a12d614a0f1eedee47 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
|
From d77148e3a3ef6c29b26ec74331455394581aa257 Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org" <djm@openbsd.org>
Date: Sun, 8 Nov 2015 21:59:11 +0000
Subject: [PATCH] upstream commit
fix OOB read in packet code caused by missing return
statement found by Ben Hawkes; ok markus@ deraadt@
Upstream-ID: a3e3a85434ebfa0690d4879091959591f30efc62
Upstream-Status: Backport
CVE: CVE-2016-1907
[YOCTO #8935]
Signed-off-by: Armin Kuster <akuster@mvista.com>
---
packet.c | 1 +
1 file changed, 1 insertion(+)
Index: openssh-7.1p2/packet.c
===================================================================
--- openssh-7.1p2.orig/packet.c
+++ openssh-7.1p2/packet.c
@@ -1855,6 +1855,7 @@ ssh_packet_process_incoming(struct ssh *
if (len >= state->packet_discard) {
if ((r = ssh_packet_stop_discard(ssh)) != 0)
return r;
+ return SSH_ERR_CONN_CORRUPT;
}
state->packet_discard -= len;
return 0;
|
