--- putty/import.c	2013/07/07 14:34:37	9895
+++ putty/import.c	2013/07/08 22:36:04	9896
@@ -290,7 +290,7 @@
     if (len < 4)
         goto error;
     bytes = GET_32BIT(d);
-    if (len < 4+bytes)
+    if (bytes < 0 || len-4 < bytes)
         goto error;
 
     ret->start = d + 4;
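Review bot: The rewritten bounds test `if (bytes < 0 || len-4 < bytes)` has no comment saying why it is written as a subtraction, so a later cleanup could turn it back into `len < 4+bytes`. Since `len >= 4` is already established two lines up, `len-4` cannot go negative, whereas `4+bytes` can overflow when the length field is close to the integer maximum. I would add `/* subtract from len rather than add to bytes: 4+bytes can overflow for a huge length field */` above the test. The `bytes < 0` half presumably relies on `bytes` being a signed int, so that a field above 2^31 reads as negative. Its declaration is outside the hunk and that is worth confirming; the enclosing function also starts and ends outside the hunk.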
--- putty/sshdss.c	2013/07/07 14:34:37	9895
+++ putty/sshdss.c	2013/07/08 22:36:04	9896
@@ -43,6 +43,8 @@
     if (*datalen < 4)
 	return;
     *length = GET_32BIT(*data);
+    if (*length < 0)
+        return;
     *datalen -= 4;
     *data += 4;
     if (*datalen < *length)
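Review bot: The added early return at `if (*length < 0)` leaves the negative value stored in `*length`, and the bare `return;` suggests the function reports no status. A caller that reads the length without first checking the failure signal (set somewhere outside this hunk) would still see an out-of-range value. Validating before storing avoids that: `int n = GET_32BIT(*data);`, `if (n < 0) return;`, `*length = n;`. The hunk in putty/sshrsa.c at line 526 has the same shape and would take the same change. The added lines are also indented with spaces where the neighbouring `return;` uses a tab, and the function starts and ends outside the hunk.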
@@ -98,7 +100,7 @@
     }
 #endif
 
-    if (!p || memcmp(p, "ssh-dss", 7)) {
+    if (!p || slen != 7 || memcmp(p, "ssh-dss", 7)) {
 	sfree(dss);
 	return NULL;
     }
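Review bot: The new condition is only safe because `!p` is tested before `slen != 7`. The string reader in the first hunk of this file returns on `*datalen < 4` before it writes `*length`, so `slen` may be unset when the read fails (assuming `slen` is the variable passed as `length`, which is outside the hunk). A comment above the `if` would stop a later edit from reordering the tests, e.g. `/* !p first: slen is not written when the string read fails early */`. The literal 7 now appears twice beside "ssh-dss"; `sizeof("ssh-dss") - 1` would tie the length to the string. The enclosing function starts and ends outside the hunk.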
--- putty/sshrsa.c	2013/07/07 14:34:37	9895
+++ putty/sshrsa.c	2013/07/08 22:36:04	9896
@@ -526,6 +526,8 @@
     if (*datalen < 4)
 	return;
     *length = GET_32BIT(*data);
+    if (*length < 0)
+        return;
     *datalen -= 4;
     *data += 4;
     if (*datalen < *length)