guix/gnu/packages/patches/libssh-hostname-parser-bug.patch
Leo Famulari eed00f93e8
gnu: libssh: Update to 0.7.6 [fixes CVE-2018-10933].
* gnu/packages/ssh.scm (libssh): Update to 0.7.6.
* gnu/packages/patches/libssh-hostname-parser-bug.patch: Adjust patch.
2018-10-18 23:08:45 -04:00

17 lines
586 B
Diff

It does not handle the case for the unsupported opcode (-1)
which would cause a segfault when accessing the "seen" array.
diff --git a/src/config.c b/src/config.c
index c5313ec8..72e07639 100644
--- a/src/config.c
+++ b/src/config.c
@@ -218,7 +218,8 @@ static int ssh_config_parse_line(ssh_session session, const char *line,
}
opcode = ssh_config_get_opcode(keyword);
- if (*parsing == 1 && opcode != SOC_HOST) {
+ if (*parsing == 1 && opcode != SOC_HOST &&
+ opcode > SOC_UNSUPPORTED && opcode < SOC_END) {
if (seen[opcode] != 0) {
return 0;
}