current/SOURCES/libssh2-1.7.0-CVE-2019-3858.patch

commit c98dcf4bdb1f4c2000ab6ef19173c35f04e0148b
Author: Michael Buckley <michael@panic.com>
Date:   Tue Dec 4 13:10:41 2018 -0800

    Prevent zero-byte allocation in sftp_packet_read() which could lead to an out-of-bounds read.

diff --git a/src/sftp.c b/src/sftp.c
index 7c44116..65cef85 100644
--- a/src/sftp.c
+++ b/src/sftp.c
@@ -345,6 +345,10 @@ sftp_packet_read(LIBSSH2_SFTP *sftp)
                 return _libssh2_error(session,
                                       LIBSSH2_ERROR_CHANNEL_PACKET_EXCEEDED,
                                       "SFTP packet too large");
+            if (sftp->partial_len == 0)
+                return _libssh2_error(session,
+                                      LIBSSH2_ERROR_ALLOC,
+                                      "Unable to allocate empty SFTP packet");
 
             _libssh2_debug(session, LIBSSH2_TRACE_SFTP,
                            "Data begin - Packet Length: %lu",
1	commit c98dcf4bdb1f4c2000ab6ef19173c35f04e0148b
2	Author: Michael Buckley <michael@panic.com>
3	Date: Tue Dec 4 13:10:41 2018 -0800
4
5	Prevent zero-byte allocation in sftp_packet_read() which could lead to an out-of-bounds read.
6
7	diff --git a/src/sftp.c b/src/sftp.c
8	index 7c44116..65cef85 100644
9	--- a/src/sftp.c
10	+++ b/src/sftp.c
11	@@ -345,6 +345,10 @@ sftp_packet_read(LIBSSH2_SFTP *sftp)
12	return _libssh2_error(session,
13	LIBSSH2_ERROR_CHANNEL_PACKET_EXCEEDED,
14	"SFTP packet too large");
15	+ if (sftp->partial_len == 0)
16	+ return _libssh2_error(session,
17	+ LIBSSH2_ERROR_ALLOC,
18	+ "Unable to allocate empty SFTP packet");
19
20	_libssh2_debug(session, LIBSSH2_TRACE_SFTP,
21	"Data begin - Packet Length: %lu",