Module Name:    src
Committed By:   msaitoh
Date:           Mon Jun  6 03:07:03 UTC 2022

Modified Files:
        src/crypto/external/bsd/openssh/dist [netbsd-9]: sshkey-xmss.c
            version.h

Log Message:
Pull up following revision(s) (requested by martin in ticket #1463):

crypto/external/bsd/openssh/dist/sshkey-xmss.c  patch
crypto/external/bsd/openssh/dist/version.h      patch

        Apply upstream fix for CVE-2019-16905.
        Call this NetBSD_Secure_Shell-20220604.


To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.4.2.1 \
    src/crypto/external/bsd/openssh/dist/sshkey-xmss.c
cvs rdiff -u -r1.28 -r1.28.2.1 src/crypto/external/bsd/openssh/dist/version.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/sshkey-xmss.c
diff -u src/crypto/external/bsd/openssh/dist/sshkey-xmss.c:1.4 src/crypto/external/bsd/openssh/dist/sshkey-xmss.c:1.4.2.1
--- src/crypto/external/bsd/openssh/dist/sshkey-xmss.c:1.4	Sun Jan 27 02:08:33 2019
+++ src/crypto/external/bsd/openssh/dist/sshkey-xmss.c	Mon Jun  6 03:07:03 2022
@@ -1,4 +1,4 @@
-/*	$NetBSD: sshkey-xmss.c,v 1.4 2019/01/27 02:08:33 pgoyette Exp $	*/
+/*	$NetBSD: sshkey-xmss.c,v 1.4.2.1 2022/06/06 03:07:03 msaitoh Exp $	*/
 /* $OpenBSD: sshkey-xmss.c,v 1.3 2018/07/09 21:59:10 markus Exp $ */
 
 /*
@@ -25,7 +25,7 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #include "includes.h"
-__RCSID("$NetBSD: sshkey-xmss.c,v 1.4 2019/01/27 02:08:33 pgoyette Exp $");
+__RCSID("$NetBSD: sshkey-xmss.c,v 1.4.2.1 2022/06/06 03:07:03 msaitoh Exp $");
 
 #include <sys/types.h>
 #include <sys/uio.h>
@@ -975,7 +975,8 @@ sshkey_xmss_decrypt_state(const struct s
 		goto out;
 	}
 	/* check that an appropriate amount of auth data is present */
-	if (sshbuf_len(encoded) < encrypted_len + authlen) {
+	if (sshbuf_len(encoded) < authlen ||
+	    sshbuf_len(encoded) - authlen < encrypted_len) {
 		r = SSH_ERR_INVALID_FORMAT;
 		goto out;
 	}
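Review bot: The comment above the rewritten check still only says "check that an appropriate amount of auth data is present", so nothing records why the comparison is now split into two subtraction-based tests instead of the single `encrypted_len + authlen` sum. Since this is the CVE-2019-16905 fix, a later cleanup could plausibly fold it back into the addition form and reintroduce the wrap-around. I would extend the comment to something like `/* compare by subtraction: encrypted_len comes from the key blob and encrypted_len + authlen can wrap */`. The declarations of `encrypted_len` and `authlen` are outside this hunk, so their widths should be confirmed against the full function. Any later arithmetic on `encrypted_len` in sshkey_xmss_decrypt_state (the body continues past the hunk) deserves the same look.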

Index: src/crypto/external/bsd/openssh/dist/version.h
diff -u src/crypto/external/bsd/openssh/dist/version.h:1.28 src/crypto/external/bsd/openssh/dist/version.h:1.28.2.1
--- src/crypto/external/bsd/openssh/dist/version.h:1.28	Sat Apr 20 17:28:19 2019
+++ src/crypto/external/bsd/openssh/dist/version.h	Mon Jun  6 03:07:03 2022
@@ -1,8 +1,8 @@
-/*	$NetBSD: version.h,v 1.28 2019/04/20 17:28:19 christos Exp $	*/
+/*	$NetBSD: version.h,v 1.28.2.1 2022/06/06 03:07:03 msaitoh Exp $	*/
 /* $OpenBSD: version.h,v 1.84 2019/04/03 15:48:45 djm Exp $ */
 
 #define __OPENSSH_VERSION	"OpenSSH_8.0"
-#define __NETBSDSSH_VERSION	"NetBSD_Secure_Shell-20190418"
+#define __NETBSDSSH_VERSION	"NetBSD_Secure_Shell-20220604"
 #define SSH_HPN         "-hpn13v14"
 #define SSH_LPK		"-lpk"
 /*
