aboutsummaryrefslogtreecommitdiffstats
path: root/main/libssh2/CVE-2016-0787.patch
diff options
context:
space:
mode:
Diffstat (limited to 'main/libssh2/CVE-2016-0787.patch')
-rw-r--r--main/libssh2/CVE-2016-0787.patch21
1 files changed, 21 insertions, 0 deletions
diff --git a/main/libssh2/CVE-2016-0787.patch b/main/libssh2/CVE-2016-0787.patch
new file mode 100644
index 0000000000..883f0c2d08
--- /dev/null
+++ b/main/libssh2/CVE-2016-0787.patch
@@ -0,0 +1,21 @@
+Description: CVE-2016-0787: Truncated Difffie-Hellman secret length
+ Convert bytes to bits in diffie_hellman_sha1. Otherwise we get far too
+ small numbers.
+Origin: backport, http://www.libssh2.org/CVE-2016-0787.patch
+Forwarded: not-needed
+Author: Daniel Stenberg <daniel@haxx.se>
+Reviewed-by: Salvatore Bonaccorso <carnil@debian.org>
+Last-Update: 2016-02-18
+Applied-Upstream: 1.7.0
+---
+
+--- a/src/kex.c
++++ b/src/kex.c
+@@ -103,7 +103,7 @@ static int diffie_hellman_sha1(LIBSSH2_S
+ memset(&exchange_state->req_state, 0, sizeof(packet_require_state_t));
+
+ /* Generate x and e */
+- _libssh2_bn_rand(exchange_state->x, group_order, 0, -1);
++ _libssh2_bn_rand(exchange_state->x, group_order * 8 - 1, 0, -1);
+ _libssh2_bn_mod_exp(exchange_state->e, g, exchange_state->x, p,
+ exchange_state->ctx);
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-27 09:21:15 +0000