rpms/libssh2
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
f22
libssh2/CVE-2016-0787.patch
Paul Howarth 034fe96dbc Fix for CVE-2016-0787 
Make sure that there's a conversion done from number of bytes to number of
bits when the internal _libssh2_bn_rand function is called (CVE-2016-0787)
https://www.libssh2.org/adv_20160223.html
2016-02-23 11:46:16 +00:00

33 lines
1.0 KiB
Diff
Raw Permalink Blame History

From 8a453a7b0f1e667b7369eb73b00843a8decdecc9 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Thu, 11 Feb 2016 13:52:20 +0100
Subject: [PATCH] diffie_hellman_sha256: convert bytes to bits
As otherwise we get far too small numbers.
CVE-2016-0787
---
src/kex.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/kex.c b/src/kex.c
index 6349457..e89b36c 100644
--- a/src/kex.c
+++ b/src/kex.c
@@ -751,11 +751,11 @@ static int diffie_hellman_sha256(LIBSSH2_SESSION *session,
/* Zero the whole thing out */
memset(&exchange_state->req_state, 0, sizeof(packet_require_state_t));
/* Generate x and e */
- _libssh2_bn_rand(exchange_state->x, group_order, 0, -1);
+ _libssh2_bn_rand(exchange_state->x, group_order * 8 - 1, 0, -1);
_libssh2_bn_mod_exp(exchange_state->e, g, exchange_state->x, p,
exchange_state->ctx);
/* Send KEX init */
/* packet_type(1) + String Length(4) + leading 0(1) */
--
2.7.0
Reference in New Issue View Git Blame Copy Permalink