[libssh2] fix a use after free in channel.c

Kamil Dudka kdudka at fedoraproject.org
Wed Aug 14 16:00:36 UTC 2013


commit 343e650ca6130c7b16f0a41e00f476fe3ce82716
Author: Kamil Dudka <kdudka at redhat.com>
Date:   Wed Aug 14 17:54:06 2013 +0200

    fix a use after free in channel.c

 0005-channel.c-fix-a-use-after-free.patch |   26 ++++++++++++++++++++++++++
 libssh2.spec                              |    5 +++++
 2 files changed, 31 insertions(+), 0 deletions(-)
---
diff --git a/0005-channel.c-fix-a-use-after-free.patch b/0005-channel.c-fix-a-use-after-free.patch
new file mode 100644
index 0000000..8fa0a05
--- /dev/null
+++ b/0005-channel.c-fix-a-use-after-free.patch
@@ -0,0 +1,26 @@
+From 96e1078fced70e39e4163857ad8345ae9d24573f Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka at redhat.com>
+Date: Wed, 14 Aug 2013 17:37:00 +0200
+Subject: [PATCH 5/5] channel.c: fix a use after free
+
+Bug: https://trac.libssh2.org/ticket/268
+---
+ src/channel.c |    2 --
+ 1 files changed, 0 insertions(+), 2 deletions(-)
+
+diff --git a/src/channel.c b/src/channel.c
+index d4ffdce..9f2c241 100644
+--- a/src/channel.c
++++ b/src/channel.c
+@@ -670,8 +670,6 @@ int _libssh2_channel_forward_cancel(LIBSSH2_LISTENER *listener)
+ 
+     LIBSSH2_FREE(session, listener);
+ 
+-    listener->chanFwdCncl_state = libssh2_NB_state_idle;
+-
+     return 0;
+ }
+ 
+-- 
+1.7.1
+
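Review bot: Nothing in the patched function marks `listener` as dead once `LIBSSH2_FREE(session, listener);` has run, which is how the removed state reset ended up writing to freed memory. A one-line comment at the free, for example `/* listener is released here; it must not be dereferenced below */`, would help keep a later edit from reintroducing the write. The body of `_libssh2_channel_forward_cancel` starts outside the hunk, so it cannot be confirmed from here that every earlier return path leaves `chanFwdCncl_state` in a sane value while the listener is still alive. The caller's copy of the pointer presumably also dangles after a successful return, which is worth stating in the function's header comment.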
diff --git a/libssh2.spec b/libssh2.spec
index c485e67..9536806 100644
--- a/libssh2.spec
+++ b/libssh2.spec
@@ -23,6 +23,7 @@ Patch1:		0001-sftp-seek-Don-t-flush-buffers-on-same-offset.patch
 Patch2:		0002-sftp-statvfs-Along-error-path-reset-the-correct-stat.patch
 Patch3:		0003-sftp-Add-support-for-fsync-OpenSSH-extension.patch
 Patch4:		0004-partially-revert-window_size-explicit-adjustments-on.patch
+Patch5:		0005-channel.c-fix-a-use-after-free.patch
 BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(id -nu)
 BuildRequires:	openssl-devel
 BuildRequires:	zlib-devel
@@ -84,6 +85,9 @@ sed -i s/4711/47%{?__isa_bits}/ tests/ssh2.{c,sh}
 # http://thread.gmane.org/gmane.network.ssh.libssh2.devel/6428
 %patch4 -p1
 
+# https://trac.libssh2.org/ticket/268
+%patch5 -p1
+
 # Make sshd transition appropriately if building in an SELinux environment
 %if !(0%{?fedora} >= 17 || 0%{?rhel} >= 7)
 chcon $(/usr/sbin/matchpathcon -n /etc/rc.d/init.d/sshd) tests/ssh2.sh || :
@@ -152,6 +156,7 @@ rm -rf %{buildroot}
 %changelog
 * Wed Aug 14 2013 Kamil Dudka <kdudka at redhat.com> 1.4.3-8
 - fix very slow sftp upload to localhost
+- fix a use after free in channel.c
 
 * Sat Aug 03 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.4.3-7
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild

