diff --git a/libssh2/RELEASE-NOTES b/libssh2/RELEASE-NOTES index 6c2d7de32..d566bafe0 100644 --- a/libssh2/RELEASE-NOTES +++ b/libssh2/RELEASE-NOTES @@ -1,29 +1,12 @@ -libssh2 1.8.1 +libssh2 1.8.2 This release includes the following bugfixes: - - o fixed possible integer overflow when reading a specially crafted packet - (https://www.libssh2.org/CVE-2019-3855.html) - o fixed possible integer overflow in userauth_keyboard_interactive with a - number of extremely long prompt strings - (https://www.libssh2.org/CVE-2019-3863.html) - o fixed possible integer overflow if the server sent an extremely large number - of keyboard prompts (https://www.libssh2.org/CVE-2019-3856.html) - o fixed possible out of bounds read when processing a specially crafted packet - (https://www.libssh2.org/CVE-2019-3861.html) - o fixed possible integer overflow when receiving a specially crafted exit - signal message channel packet (https://www.libssh2.org/CVE-2019-3857.html) - o fixed possible out of bounds read when receiving a specially crafted exit - status message channel packet (https://www.libssh2.org/CVE-2019-3862.html) - o fixed possible zero byte allocation when reading a specially crafted SFTP - packet (https://www.libssh2.org/CVE-2019-3858.html) - o fixed possible out of bounds reads when processing specially crafted SFTP - packets (https://www.libssh2.org/CVE-2019-3860.html) - o fixed possible out of bounds reads in _libssh2_packet_require(v) - (https://www.libssh2.org/CVE-2019-3859.html) + + o Fixed the misapplied userauth patch that broke 1.8.1 + o moved the MAX size declarations from the public header This release would not have looked like this without help, code, reports and advice from friends like these: - Chris Coulson, Michael Buckley, Will Cosgrove, Daniel Stenberg - (4 contributors) + Will Cosgrove + (1 contributors) diff --git a/libssh2/include/libssh2.h b/libssh2/include/libssh2.h index 8fc5f6cae..fdcf6163d 100644 --- a/libssh2/include/libssh2.h +++ b/libssh2/include/libssh2.h @@ -46,13 +46,13 @@ to make the BANNER define (used by src/session.c) be a valid SSH banner. Release versions have no appended strings and may of course not have dashes either. */ -#define LIBSSH2_VERSION "1.8.1" +#define LIBSSH2_VERSION "1.8.2" /* The numeric version number is also available "in parts" by using these defines: */ #define LIBSSH2_VERSION_MAJOR 1 #define LIBSSH2_VERSION_MINOR 8 -#define LIBSSH2_VERSION_PATCH 1 +#define LIBSSH2_VERSION_PATCH 2 /* This is the numeric version of the libssh2 version number, meant for easier parsing and comparions by programs. The LIBSSH2_VERSION_NUM define will @@ -69,7 +69,7 @@ and it is always a greater number in a more recent release. It makes comparisons with greater than and less than work. */ -#define LIBSSH2_VERSION_NUM 0x010801 +#define LIBSSH2_VERSION_NUM 0x010802 /* * This is the date and time when the full source package was created. The @@ -80,7 +80,7 @@ * * "Mon Feb 12 11:35:33 UTC 2007" */ -#define LIBSSH2_TIMESTAMP "Mon Mar 18 21:30:25 UTC 2019" +#define LIBSSH2_TIMESTAMP "Mon Mar 25 19:29:57 UTC 2019" #ifndef RC_INVOKED @@ -145,18 +145,6 @@ typedef int libssh2_socket_t; #define LIBSSH2_INVALID_SOCKET -1 #endif /* WIN32 */ -#ifndef SIZE_MAX -#if _WIN64 -#define SIZE_MAX 0xFFFFFFFFFFFFFFFF -#else -#define SIZE_MAX 0xFFFFFFFF -#endif -#endif - -#ifndef UINT_MAX -#define UINT_MAX 0xFFFFFFFF -#endif - /* * Determine whether there is small or large file support on windows. */ diff --git a/libssh2/src/libssh2_priv.h b/libssh2/src/libssh2_priv.h index b4296a221..bb5d1a50a 100644 --- a/libssh2/src/libssh2_priv.h +++ b/libssh2/src/libssh2_priv.h @@ -146,6 +146,18 @@ static inline int writev(int sock, struct iovec *iov, int nvecs) #endif +#ifndef SIZE_MAX +#if _WIN64 +#define SIZE_MAX 0xFFFFFFFFFFFFFFFF +#else +#define SIZE_MAX 0xFFFFFFFF +#endif +#endif + +#ifndef UINT_MAX +#define UINT_MAX 0xFFFFFFFF +#endif + /* RFC4253 section 6.1 Maximum Packet Length says: * * "All implementations MUST be able to process packets with diff --git a/libssh2/src/userauth.c b/libssh2/src/userauth.c index ed804629d..c02d81d0e 100644 --- a/libssh2/src/userauth.c +++ b/libssh2/src/userauth.c @@ -107,7 +107,7 @@ static char *userauth_list(LIBSSH2_SESSION *session, const char *username, LIBSSH2_FREE(session, session->userauth_list_data); session->userauth_list_data = NULL; - if (rc || (session->userauth_list_data_len < 1)) { + if (rc) { _libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND, "Unable to send userauth-none request"); session->userauth_list_state = libssh2_NB_state_idle; @@ -127,7 +127,7 @@ static char *userauth_list(LIBSSH2_SESSION *session, const char *username, _libssh2_error(session, LIBSSH2_ERROR_EAGAIN, "Would block requesting userauth list"); return NULL; - } else if (rc) { + } else if (rc || (session->userauth_list_data_len < 1)) { _libssh2_error(session, rc, "Failed getting response"); session->userauth_list_state = libssh2_NB_state_idle; return NULL; @@ -1172,7 +1172,7 @@ _libssh2_userauth_publickey(LIBSSH2_SESSION *session, NULL, 0); if (rc == LIBSSH2_ERROR_EAGAIN) return _libssh2_error(session, LIBSSH2_ERROR_EAGAIN, "Would block"); - else if (rc || (session->userauth_pblc_data_len < 1)) { + else if (rc) { LIBSSH2_FREE(session, session->userauth_pblc_packet); session->userauth_pblc_packet = NULL; LIBSSH2_FREE(session, session->userauth_pblc_method); @@ -1195,7 +1195,7 @@ _libssh2_userauth_publickey(LIBSSH2_SESSION *session, if (rc == LIBSSH2_ERROR_EAGAIN) { return _libssh2_error(session, LIBSSH2_ERROR_EAGAIN, "Would block"); } - else if (rc) { + else if (rc || (session->userauth_pblc_data_len < 1)) { LIBSSH2_FREE(session, session->userauth_pblc_packet); session->userauth_pblc_packet = NULL; LIBSSH2_FREE(session, session->userauth_pblc_method);