From 2c81be72eef5363736cf1892646c74a3311ee4c1 Mon Sep 17 00:00:00 2001
From: "B. Stack" <bgstack15@gmail.com>
Date: Sun, 22 May 2022 17:03:17 -0400
Subject: add upstream 11.21

---
 Bugs.txt | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

(limited to 'Bugs.txt')

diff --git a/Bugs.txt b/Bugs.txt
index 7e0845ad..fe9fd7dc 100644
--- a/Bugs.txt
+++ b/Bugs.txt
@@ -5,7 +5,7 @@ the ones mentioned below. The remaining issues that are yet to be fixed are list
 
 
 ----------------
-| libcurl 7.74 |
+| libcurl 7.83|
 ----------------
 __________________________________________________________________________________________________________
 /lib/ftp.c
@@ -62,6 +62,19 @@ move the following constants from src/sftp.h to include/libssh2_sftp.h:
 	#define MAX_SFTP_READ_SIZE 30000
 
 __________________________________________________________________________________________________________
+src/userauth.c
+buffer overflow: https://github.com/libssh2/libssh2/pull/693
+
+-if (banner_len >= session->userauth_list_data_len - 5) {
++if (banner_len > session->userauth_list_data_len - 5) {
+
+-session->userauth_banner = LIBSSH2_ALLOC(session, banner_len);
++session->userauth_banner = LIBSSH2_ALLOC(session, banner_len + 1);
+
+-memmove(session->userauth_banner, session->userauth_list_data + 5,
++memcpy(session->userauth_banner, session->userauth_list_data + 5,
+
+__________________________________________________________________________________________________________
 
 
 -------------------
-- 
cgit