Diffstat (limited to 'net/filezilla/patches/patch-CVE-2013-4852-1')
-rw-r--r-- | net/filezilla/patches/patch-CVE-2013-4852-1 | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/net/filezilla/patches/patch-CVE-2013-4852-1 b/net/filezilla/patches/patch-CVE-2013-4852-1
new file mode 100644
index 00000000000..de63abf8ca6
--- /dev/null
+++ b/net/filezilla/patches/patch-CVE-2013-4852-1
@@ -0,0 +1,24 @@
+$NetBSD: patch-CVE-2013-4852-1,v 1.2.2.2 2013/08/21 21:59:57 tron Exp $
+
+see http://svn.tartarus.org/sgt?view=revision&sortby=date&revision=9896
+
+--- src/putty/sshdss.c.orig 2007-11-23 11:34:00.000000000 +0000
++++ src/putty/sshdss.c
+@@ -43,6 +43,8 @@ static void getstring(char **data, int *
+ if (*datalen < 4)
+ return;
+ *length = GET_32BIT(*data);
++ if (*length < 0)
++ return;
+ *datalen -= 4;
+ *data += 4;
+ if (*datalen < *length)
+@@ -98,7 +100,7 @@ static void *dss_newkey(char *data, int
+ }
+ #endif
+
+- if (!p || memcmp(p, "ssh-dss", 7)) {
++ if (!p || slen != 7 || memcmp(p, "ssh-dss", 7)) {
+ sfree(dss);
+ return NULL;
+ }
 |
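Review bot: The added `if (*length < 0) return;` in getstring() returns with the negative value already stored in `*length`, so the fix only holds if every caller tests the returned pointer before trusting the length. The dss_newkey hunk does that by keeping `!p ||` ahead of the new `slen != 7` test (slen is presumably the length filled in by getstring), but the reset of the output pointer at the top of getstring() and any other callers in sshdss.c are outside the hunk and worth confirming. The patch header carries only a bare `see <URL>` line; a one-line description such as `Reject negative string lengths in getstring() and require an exact 7-byte "ssh-dss" key type (CVE-2013-4852).` would keep the file understandable if the upstream link goes away. The `-1` suffix in the file name suggests companion patches for the same CVE; only the sshdss.c part is visible here.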