1 files changed, 30 insertions, 0 deletions

diff --git a/CVE-2016-0787.patch b/CVE-2016-0787.patch
new file mode 100644
index 0000000..8827c5d
--- /dev/null
+++ b/CVE-2016-0787.patch
@@ -0,0 +1,30 @@
+From 8a453a7b0f1e667b7369eb73b00843a8decdecc9 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Thu, 11 Feb 2016 13:52:20 +0100
+Subject: [PATCH] diffie_hellman_sha1: convert bytes to bits
+
+As otherwise we get far too small numbers.
+
+CVE-2016-0787
+
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ src/kex.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/kex.c b/src/kex.c
+index 6349457..e89b36c 100644
+--- a/src/kex.c
++++ b/src/kex.c
+@@ -133,7 +133,7 @@ static int diffie_hellman_sha1(LIBSSH2_SESSION *session,
+         memset(&exchange_state->req_state, 0, sizeof(packet_require_state_t));
+ 
+         /* Generate x and e */
+-        _libssh2_bn_rand(exchange_state->x, group_order, 0, -1);
++        _libssh2_bn_rand(exchange_state->x, group_order * 8 - 1, 0, -1);
+         _libssh2_bn_mod_exp(exchange_state->e, g, exchange_state->x, p,
+                             exchange_state->ctx);
+ 
+-- 
+2.7.0
+