diff --git a/backport-misc-libssh2_copy_string-avoid-malloc-zero-bytes.patch b/backport-misc-libssh2_copy_string-avoid-malloc-zero-bytes.patch new file mode 100644 index 0000000000000000000000000000000000000000..371aab6a8e4e57859e0c6b512fdb0f81c01dd3df --- /dev/null +++ b/backport-misc-libssh2_copy_string-avoid-malloc-zero-bytes.patch @@ -0,0 +1,33 @@ +From: https://github.com/libssh2/libssh2/commit/e7e1312b0cbfa643e2f8bf5f2036ce5147ed797d +From: bagder +Date: 21 Mar 2022 10:11 -0800 +Subject: misc/libssh2_copy_string: avoid malloc zero bytes #686 + +Notes: +* Avoid the inconsistent malloc return code for malloc(0) + +--- libssh2-1.10.0/src/misc.c 2019-09-13 14:39:11.000000000 +0800 ++++ libssh2-1.10.0/src/misc.c 2022-09-29 18:27:13.604424483 +0800 +@@ -794,12 +794,18 @@ + return -1; + } + +- *outbuf = LIBSSH2_ALLOC(session, str_len); +- if(*outbuf) { +- memcpy(*outbuf, str, str_len); ++ if(str_len) { ++ *outbuf = LIBSSH2_ALLOC(session, str_len); ++ if(*outbuf) { ++ memcpy(*outbuf, str, str_len); ++ } ++ else { ++ return -1; ++ } + } + else { +- return -1; ++ *outlen = 0; ++ *outbuf = NULL; + } + + if(outlen) diff --git a/libssh2.spec b/libssh2.spec index e6fb57054c65ef036f79e2a2921638ee38120dba..f751b6106cb489cf337c63c003c82b516b30311c 100644 --- a/libssh2.spec +++ b/libssh2.spec @@ -1,12 +1,13 @@ Name: libssh2 Version: 1.10.0 -Release: 2 +Release: 3 Summary: A library implementing the SSH2 protocol License: BSD URL: https://www.libssh2.org/ Source0: https://libssh2.org/download/libssh2-%{version}.tar.gz Patch0: backport-RSA-SHA2-256-512-key-upgrade-support-RFC-8332.patch +Patch1: backport-misc-libssh2_copy_string-avoid-malloc-zero-bytes.patch BuildRequires: coreutils findutils /usr/bin/man zlib-devel BuildRequires: gcc make sed openssl-devel > 1:1.0.1 openssh-server @@ -86,6 +87,12 @@ LC_ALL=en_US.UTF-8 make -C tests check %{_mandir}/man3/libssh2_*.3* %changelog +* Thu Sep 29 2022 zhangjun - 1.10.0-3 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:Avoid the inconsistent malloc return code for malloc(0) + * Sat Jul 30 2022 renmingshuai - 1.10.0-2 - Type:bugfix - ID:NA