
[meta-oe,dunfell] libssh: CVE-2020-16135 NULL pointer dereference in sftpserver.c if ssh_buffer_new returns NULL

Message ID 20230626051653.48601-1-vanusuri@mvista.com
State New

Commit Message

Vijay Anusuri June 26, 2023, 5:16 a.m. UTC
From: Vijay Anusuri <vanusuri@mvista.com>

Upstream-Status: Backport
[https://gitlab.com/libssh/libssh-mirror/-/commit/533d881b0f4b24c72b35ecc97fa35d295d063e53
&
https://gitlab.com/libssh/libssh-mirror/-/commit/2782cb0495b7450bd8fe43ce4af886b66fea6c40
&
https://gitlab.com/libssh/libssh-mirror/-/commit/10b3ebbe61a7031a3dae97f05834442220447181
&
https://gitlab.com/libssh/libssh-mirror/-/commit/245ad744b5ab0582fef7cf3905a717b791d7e08b]

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
---
 .../libssh/files/CVE-2020-16135-1.patch       | 40 +++++++++++
 .../libssh/files/CVE-2020-16135-2.patch       | 42 +++++++++++
 .../libssh/files/CVE-2020-16135-3.patch       | 70 +++++++++++++++++++
 .../libssh/files/CVE-2020-16135-4.patch       | 34 +++++++++
 .../recipes-support/libssh/libssh_0.8.9.bb    |  8 ++-
 5 files changed, 193 insertions(+), 1 deletion(-)
 create mode 100644 meta-oe/recipes-support/libssh/files/CVE-2020-16135-1.patch
 create mode 100644 meta-oe/recipes-support/libssh/files/CVE-2020-16135-2.patch
 create mode 100644 meta-oe/recipes-support/libssh/files/CVE-2020-16135-3.patch
 create mode 100644 meta-oe/recipes-support/libssh/files/CVE-2020-16135-4.patch

Patch

diff --git a/meta-oe/recipes-support/libssh/files/CVE-2020-16135-1.patch b/meta-oe/recipes-support/libssh/files/CVE-2020-16135-1.patch
new file mode 100644
index 000000000..2944a4462
--- /dev/null
+++ b/meta-oe/recipes-support/libssh/files/CVE-2020-16135-1.patch
@@ -0,0 +1,40 @@ 
+From 533d881b0f4b24c72b35ecc97fa35d295d063e53 Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@cryptomilk.org>
+Date: Wed, 3 Jun 2020 10:04:09 +0200
+Subject: [PATCH] sftpserver: Add missing NULL check for ssh_buffer_new()
+
+Thanks to Ramin Farajpour Cami for spotting this.
+
+Fixes T232
+
+Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
+Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
+Reviewed-by: Jakub Jelen <jjelen@redhat.com>
+
+Upstream-Status: Backport [https://gitlab.com/libssh/libssh-mirror/-/commit/533d881b0f4b24c72b35ecc97fa35d295d063e53]
+CVE: CVE-2020-16135
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ src/sftpserver.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/sftpserver.c b/src/sftpserver.c
+index 5a2110e58..b639a2ce3 100644
+--- a/src/sftpserver.c
++++ b/src/sftpserver.c
+@@ -67,6 +67,12 @@ sftp_client_message sftp_get_client_message(sftp_session sftp) {
+ 
+   /* take a copy of the whole packet */
+   msg->complete_message = ssh_buffer_new();
++  if (msg->complete_message == NULL) {
++      ssh_set_error_oom(session);
++      sftp_client_message_free(msg);
++      return NULL;
++  }
++
+   ssh_buffer_add_data(msg->complete_message,
+                       ssh_buffer_get(payload),
+                       ssh_buffer_get_len(payload));
+-- 
+GitLab
+
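Review bot: The new early return under `if (msg->complete_message == NULL)` hands a partially built `msg` to `sftp_client_message_free()`, so the fix is only safe if that function tolerates a NULL `complete_message` and otherwise unset fields. The allocation of `msg` and the start of `sftp_get_client_message()` lie outside the hunk, so this cannot be confirmed here; presumably the struct is zeroed when it is allocated. It is worth checking this against the stable-0.8 tree pinned by the recipe, because the upstream commit was written against a newer branch. A short comment above the block, such as `/* msg is zero-initialised, so freeing it half-built is safe */`, would record the assumption.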
diff --git a/meta-oe/recipes-support/libssh/files/CVE-2020-16135-2.patch b/meta-oe/recipes-support/libssh/files/CVE-2020-16135-2.patch
new file mode 100644
index 000000000..3c4ff0c61
--- /dev/null
+++ b/meta-oe/recipes-support/libssh/files/CVE-2020-16135-2.patch
@@ -0,0 +1,42 @@ 
+From 2782cb0495b7450bd8fe43ce4af886b66fea6c40 Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@cryptomilk.org>
+Date: Wed, 3 Jun 2020 10:05:51 +0200
+Subject: [PATCH] sftpserver: Add missing return check for
+ ssh_buffer_add_data()
+
+Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
+Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
+Reviewed-by: Jakub Jelen <jjelen@redhat.com>
+
+Upstream-Status: Backport [https://gitlab.com/libssh/libssh-mirror/-/commit/2782cb0495b7450bd8fe43ce4af886b66fea6c40]
+CVE: CVE-2020-16135
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ src/sftpserver.c | 11 ++++++++---
+ 1 file changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/src/sftpserver.c b/src/sftpserver.c
+index b639a2ce3..9117f155f 100644
+--- a/src/sftpserver.c
++++ b/src/sftpserver.c
+@@ -73,9 +73,14 @@ sftp_client_message sftp_get_client_message(sftp_session sftp) {
+       return NULL;
+   }
+ 
+-  ssh_buffer_add_data(msg->complete_message,
+-                      ssh_buffer_get(payload),
+-                      ssh_buffer_get_len(payload));
++  rc = ssh_buffer_add_data(msg->complete_message,
++                           ssh_buffer_get(payload),
++                           ssh_buffer_get_len(payload));
++  if (rc < 0) {
++      ssh_set_error_oom(session);
++      sftp_client_message_free(msg);
++      return NULL;
++  }
+ 
+   ssh_buffer_get_u32(payload, &msg->id);
+ 
+-- 
+GitLab
+
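Review bot: The call directly after the new check, `ssh_buffer_get_u32(payload, &msg->id);`, still discards its result, so a payload shorter than four bytes would leave `msg->id` at whatever value it held before. If, as elsewhere in libssh's buffer API, the function returns the number of bytes read, the same treatment fits here: `if (ssh_buffer_get_u32(payload, &msg->id) != sizeof(uint32_t)) { sftp_client_message_free(msg); return NULL; }`. The `rc < 0` branch also reports every failure through `ssh_set_error_oom(session)`, although `ssh_buffer_add_data()` returns -1 for a NULL `data` pointer and for length wrap-around as well, which can mislead whoever reads the error later. `rc` is not declared in this hunk, so the backport relies on an existing declaration earlier in `sftp_get_client_message()`, which starts outside the hunk.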
diff --git a/meta-oe/recipes-support/libssh/files/CVE-2020-16135-3.patch b/meta-oe/recipes-support/libssh/files/CVE-2020-16135-3.patch
new file mode 100644
index 000000000..03a8ac156
--- /dev/null
+++ b/meta-oe/recipes-support/libssh/files/CVE-2020-16135-3.patch
@@ -0,0 +1,70 @@ 
+From 10b3ebbe61a7031a3dae97f05834442220447181 Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@cryptomilk.org>
+Date: Wed, 3 Jun 2020 10:10:11 +0200
+Subject: [PATCH] buffer: Reformat ssh_buffer_add_data()
+
+Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
+Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
+Reviewed-by: Jakub Jelen <jjelen@redhat.com>
+
+Upstream-Status: Backport [https://gitlab.com/libssh/libssh-mirror/-/commit/10b3ebbe61a7031a3dae97f05834442220447181]
+CVE: CVE-2020-16135
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ src/buffer.c | 35 ++++++++++++++++++-----------------
+ 1 file changed, 18 insertions(+), 17 deletions(-)
+
+diff --git a/src/buffer.c b/src/buffer.c
+index a2e6246af..476bc1358 100644
+--- a/src/buffer.c
++++ b/src/buffer.c
+@@ -299,28 +299,29 @@ int ssh_buffer_reinit(struct ssh_buffer_struct *buffer)
+  */
+ int ssh_buffer_add_data(struct ssh_buffer_struct *buffer, const void *data, uint32_t len)
+ {
+-  buffer_verify(buffer);
++    buffer_verify(buffer);
+ 
+-  if (data == NULL) {
+-      return -1;
+-  }
++    if (data == NULL) {
++        return -1;
++    }
+ 
+-  if (buffer->used + len < len) {
+-    return -1;
+-  }
++    if (buffer->used + len < len) {
++        return -1;
++    }
+ 
+-  if (buffer->allocated < (buffer->used + len)) {
+-    if(buffer->pos > 0)
+-      buffer_shift(buffer);
+-    if (realloc_buffer(buffer, buffer->used + len) < 0) {
+-      return -1;
++    if (buffer->allocated < (buffer->used + len)) {
++        if (buffer->pos > 0) {
++            buffer_shift(buffer);
++        }
++        if (realloc_buffer(buffer, buffer->used + len) < 0) {
++            return -1;
++        }
+     }
+-  }
+ 
+-  memcpy(buffer->data+buffer->used, data, len);
+-  buffer->used+=len;
+-  buffer_verify(buffer);
+-  return 0;
++    memcpy(buffer->data + buffer->used, data, len);
++    buffer->used += len;
++    buffer_verify(buffer);
++    return 0;
+ }
+ 
+ /**
+-- 
+GitLab
+
diff --git a/meta-oe/recipes-support/libssh/files/CVE-2020-16135-4.patch b/meta-oe/recipes-support/libssh/files/CVE-2020-16135-4.patch
new file mode 100644
index 000000000..8e9a4c3f5
--- /dev/null
+++ b/meta-oe/recipes-support/libssh/files/CVE-2020-16135-4.patch
@@ -0,0 +1,34 @@ 
+From 245ad744b5ab0582fef7cf3905a717b791d7e08b Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@cryptomilk.org>
+Date: Wed, 3 Jun 2020 10:11:21 +0200
+Subject: [PATCH] buffer: Add NULL check for 'buffer' argument
+
+Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
+Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
+Reviewed-by: Jakub Jelen <jjelen@redhat.com>
+
+Upstream-Status: Backport [https://gitlab.com/libssh/libssh-mirror/-/commit/245ad744b5ab0582fef7cf3905a717b791d7e08b]
+CVE: CVE-2020-16135
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ src/buffer.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/buffer.c b/src/buffer.c
+index 476bc1358..ce12f491a 100644
+--- a/src/buffer.c
++++ b/src/buffer.c
+@@ -299,6 +299,10 @@ int ssh_buffer_reinit(struct ssh_buffer_struct *buffer)
+  */
+ int ssh_buffer_add_data(struct ssh_buffer_struct *buffer, const void *data, uint32_t len)
+ {
++    if (buffer == NULL) {
++        return -1;
++    }
++
+     buffer_verify(buffer);
+ 
+     if (data == NULL) {
+-- 
+GitLab
+
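Review bot: The doc comment that closes just above `ssh_buffer_add_data()` should state that a NULL `buffer` now yields -1, because the added guard changes the contract from crashing to failing. The comment body is outside the hunk, so its current wording is not visible; a line such as `@return 0 on success, < 0 on error (including a NULL buffer or NULL data)` would cover it. Placing the guard before `buffer_verify(buffer)` is the right order, since that call presumably inspects the buffer's fields.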
diff --git a/meta-oe/recipes-support/libssh/libssh_0.8.9.bb b/meta-oe/recipes-support/libssh/libssh_0.8.9.bb
index 39ed8a8fb..0fb07a0eb 100644
--- a/meta-oe/recipes-support/libssh/libssh_0.8.9.bb
+++ b/meta-oe/recipes-support/libssh/libssh_0.8.9.bb
@@ -6,7 +6,13 @@  LIC_FILES_CHKSUM = "file://COPYING;md5=dabb4958b830e5df11d2b0ed8ea255a0"
 
 DEPENDS = "zlib openssl libgcrypt"
 
-SRC_URI = "git://git.libssh.org/projects/libssh.git;branch=stable-0.8"
+SRC_URI = "git://git.libssh.org/projects/libssh.git;branch=stable-0.8 \
+           file://CVE-2020-16135-1.patch \
+           file://CVE-2020-16135-2.patch \
+           file://CVE-2020-16135-3.patch \
+           file://CVE-2020-16135-4.patch \
+          "
+
 SRCREV = "04685a74df9ce1db1bc116a83a0da78b4f4fa1f8"
 
 S = "${WORKDIR}/git"
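Review bot: The rewritten `SRC_URI` still fetches over the plain `git://` transport, which is neither encrypted nor authenticated. The pinned `SRCREV` limits what a tampered fetch could deliver, but since the line is being touched anyway, consider appending `;protocol=https` if the upstream server offers it. Separately, CVE-2020-16135-3.patch is a whitespace-only reformat that the context lines of CVE-2020-16135-4.patch depend on. A one-line comment above the list, e.g. `# -3 is a reformat-only prerequisite for -4; keep the order`, would stop someone dropping or reordering it later.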