From 9f6cab90b7e6f38b4d39d0a6b94b2b4d6625f8ca Mon Sep 17 00:00:00 2001
From: wh02252983
Date: Fri, 4 Jul 2025 15:53:35 +0800
Subject: [PATCH] [CVE] add patch to fix CVE-2025-5318 To CVE-2025-5318 add patch to fix CVE-2025-5318 Project: TC2024080204
Signed-off-by: wh02252983 wh02252983@alibaba-inc.com
---
 0023-CVE-2025-5318.patch | 16 ++++++++++++++++
 libssh.spec | 8 +++++++-
 2 files changed, 23 insertions(+), 1 deletion(-)
 create mode 100644 0023-CVE-2025-5318.patch
diff --git a/0023-CVE-2025-5318.patch b/0023-CVE-2025-5318.patch
new file mode 100644
index 0000000..6e935ed
--- /dev/null
+++ b/0023-CVE-2025-5318.patch
@@ -0,0 +1,16 @@
+diff --git a/src/sftpserver.c b/src/sftpserver.c
+index 9117f15..b3349e1 100644
+--- a/src/sftpserver.c
++++ b/src/sftpserver.c
+@@ -538,7 +538,7 @@ void *sftp_handle(sftp_session sftp, ssh_string handle){
+
+ memcpy(&val, ssh_string_data(handle), sizeof(uint32_t));
+
+- if (val > SFTP_HANDLES) {
++ if (val >= SFTP_HANDLES) {
+ return NULL;
+ }
+
+--
+2.43.5
+
diff --git a/libssh.spec b/libssh.spec
index 467b782..ba77145 100644
--- a/libssh.spec
+++ b/libssh.spec
@@ -1,4 +1,4 @@
-%define anolis_release 5
+%define anolis_release 6
 %global _smp_build_ncpus 1
 Name: libssh
@@ -38,6 +38,9 @@ Patch0019: 0019-CVE-2023-6004-torture_config-Allow-multiple-in-usern.patch
 Patch0020: 0020-Fix-regression-in-IPv6-addresses-in-hostname-parsing.patch
 Patch0021: 0021-tests-Increase-test-coverage-for-IPv6-address-parsin.patch
 Patch0022: 0022-libssh-0.10.6-rekey-timeout.patch
+# https://git.libssh.org/projects/libssh.git/commit/?id=5f4ffda88770f95482fd0e66aa44106614dbf466
+Patch0023: 0023-CVE-2025-5318.patch
+
 BuildRequires: cmake gcc-c++
 BuildRequires: openssl-devel zlib-devel krb5-devel libcmocka-devel
@@ -148,6 +151,9 @@ popd
 %doc AUTHORS CHANGELOG README
 %changelog
+* Fri Jul 4 2025 wh02252983 - 0.10.5-6
+- Fix CVE-2025-5318
+
 * Tue Jun 10 2025 Yihao Yan - 0.10.5-5
 - fix rekey test timeout
--
Gitee
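Review bot: The embedded 0023-CVE-2025-5318.patch starts straight at `diff --git` with no upstream commit header, so the reason for changing the bound in `sftp_handle()` to `val >= SFTP_HANDLES` is recorded only by the URL comment in libssh.spec. The old `>` test accepted `val == SFTP_HANDLES`, which presumably indexes one slot past the end of the handle table; the table's declaration and the function's return statement are outside the hunk, so confirm against the 0.10.5 tree that the table really has SFTP_HANDLES entries. I would keep the upstream `From:`/`Subject:` header in the patch file and state the reason next to the spec entry, for example `# CVE-2025-5318: reject handle index == SFTP_HANDLES (out-of-bounds read in sftp_handle)`. The length check on `handle` before the `memcpy` of `sizeof(uint32_t)` bytes is not visible here either, so it is worth verifying that the packaged source has it, since this hunk depends on `val` being fully initialised.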