diff options
Diffstat (limited to 'main/libssh2/CVE-2016-0787.patch')
-rw-r--r-- | main/libssh2/CVE-2016-0787.patch | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/main/libssh2/CVE-2016-0787.patch b/main/libssh2/CVE-2016-0787.patch new file mode 100644 index 0000000000..883f0c2d08 --- /dev/null +++ b/main/libssh2/CVE-2016-0787.patch @@ -0,0 +1,21 @@ +Description: CVE-2016-0787: Truncated Difffie-Hellman secret length + Convert bytes to bits in diffie_hellman_sha1. Otherwise we get far too + small numbers. +Origin: backport, http://www.libssh2.org/CVE-2016-0787.patch +Forwarded: not-needed +Author: Daniel Stenberg <daniel@haxx.se> +Reviewed-by: Salvatore Bonaccorso <carnil@debian.org> +Last-Update: 2016-02-18 +Applied-Upstream: 1.7.0 +--- + +--- a/src/kex.c ++++ b/src/kex.c +@@ -103,7 +103,7 @@ static int diffie_hellman_sha1(LIBSSH2_S + memset(&exchange_state->req_state, 0, sizeof(packet_require_state_t)); + + /* Generate x and e */ +- _libssh2_bn_rand(exchange_state->x, group_order, 0, -1); ++ _libssh2_bn_rand(exchange_state->x, group_order * 8 - 1, 0, -1); + _libssh2_bn_mod_exp(exchange_state->e, g, exchange_state->x, p, + exchange_state->ctx); |