|
| 1 | +From 7e85a3106d43699b1662d46480b377bfc55fcbbf Mon Sep 17 00:00:00 2001 |
| 2 | +From: Jakub Jelen <jjelen@redhat.com> |
| 3 | +Date: Thu, 11 Dec 2025 13:22:44 +0100 |
| 4 | +Subject: [PATCH] sftp: Fix out-of-bound read from sftp extensions |
| 5 | +MIME-Version: 1.0 |
| 6 | +Content-Type: text/plain; charset=UTF-8 |
| 7 | +Content-Transfer-Encoding: 8bit |
| 8 | + |
| 9 | +Signed-off-by: Jakub Jelen <jjelen@redhat.com> |
| 10 | +Reviewed-by: Pavol Žáčik <pzacik@redhat.com> |
| 11 | +(cherry picked from commit 855a0853ad3abd4a6cd85ce06fce6d8d4c7a0b60) |
| 12 | +Signed-off-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> |
| 13 | +Upstream-reference: https://git.libssh.org/projects/libssh.git/patch/?id=f80670a7aba86cbb442c9b115c9eaf4ca04601b8 |
| 14 | +--- |
| 15 | + src/sftp.c | 4 ++-- |
| 16 | + 1 file changed, 2 insertions(+), 2 deletions(-) |
| 17 | + |
| 18 | +diff --git a/src/sftp.c b/src/sftp.c |
| 19 | +index e01012a..e55f5e1 100644 |
| 20 | +--- a/src/sftp.c |
| 21 | ++++ b/src/sftp.c |
| 22 | +@@ -768,7 +768,7 @@ const char *sftp_extensions_get_name(sftp_session sftp, unsigned int idx) { |
| 23 | + return NULL; |
| 24 | + } |
| 25 | + |
| 26 | +- if (idx > sftp->ext->count) { |
| 27 | ++ if (idx >= sftp->ext->count) { |
| 28 | + ssh_set_error_invalid(sftp->session); |
| 29 | + return NULL; |
| 30 | + } |
| 31 | +@@ -784,7 +784,7 @@ const char *sftp_extensions_get_data(sftp_session sftp, unsigned int idx) { |
| 32 | + return NULL; |
| 33 | + } |
| 34 | + |
| 35 | +- if (idx > sftp->ext->count) { |
| 36 | ++ if (idx >= sftp->ext->count) { |
| 37 | + ssh_set_error_invalid(sftp->session); |
| 38 | + return NULL; |
| 39 | + } |
| 40 | +-- |
| 41 | +2.45.4 |
| 42 | + |
0 commit comments