CVE-2020-16135: Add missing NULL check for ssh_buffer_new()
0a9268a60f2d
Actions

Authored by asn on Jun 3 2020, 10:04 AM.

Description

CVE-2020-16135: Add missing NULL check for ssh_buffer_new()

Add a missing NULL check for the pointer returned by ssh_buffer_new() in
sftpserver.c.

Thanks to Ramin Farajpour Cami for spotting this.

Fixes T232

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit 533d881b0f4b24c72b35ecc97fa35d295d063e53)

Details

Committed

ansasaki

Aug 13 2020, 12:23 PM

Parents

rLIBSSH04685a74df9c: Bump version to 0.8.9

Branches

Unknown

Tags

Unknown

References

stable-0.8

Tasks

T232: [sftpserver] NULL pointer deref

Event Timeline

ansasaki added a task: T232: [sftpserver] NULL pointer deref.Aug 13 2020, 3:38 PM

ansasaki committed rLIBSSH0a9268a60f2d: CVE-2020-16135: Add missing NULL check for ssh_buffer_new() (authored by asn).Aug 13 2020, 12:23 PM

Changes (1)

Path

Size

src/

sftpserver.c

rLIBSSH0a9268a60f2d

View Options