1 files changed, 57 insertions, 0 deletions

diff --git a/CVE-2025-30211-pre1.patch b/CVE-2025-30211-pre1.patch
new file mode 100644
index 0000000..f0c3a55
--- /dev/null
+++ b/CVE-2025-30211-pre1.patch
@@ -0,0 +1,57 @@
+From: Jakub Witczak <kuba@erlang.org>
+Date: Fri, 27 Jan 2023 17:13:31 +0100
+Subject: [PATCH] ssh: reduce log length
+
+origin: backport, https://github.com/erlang/otp/commit/e93e40cf8150539338e7320b9fd9bad825b0a6d0
+bug: https://github.com/erlang/otp/security/advisories/GHSA-vvr3-fjhh-cfwc
+bug-debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101713
+---
+ lib/ssh/src/ssh_connection_handler.erl | 19 ++++++++++++-------
+ 1 file changed, 12 insertions(+), 7 deletions(-)
+
+diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl
+index 53b7d5c..b8c89b8 100644
+--- a/lib/ssh/src/ssh_connection_handler.erl
++++ b/lib/ssh/src/ssh_connection_handler.erl
+@@ -1504,8 +1504,10 @@ handle_event(info, {Proto, Sock, Info}, {hello,_}, #data{socket = Sock,
+     end;
+ 
+ 
+-handle_event(info, {Proto, Sock, NewData}, StateName, D0 = #data{socket = Sock,
+-								 transport_protocol = Proto}) ->
++handle_event(info, {Proto, Sock, NewData}, StateName,
++             D0 = #data{socket = Sock,
++                        transport_protocol = Proto,
++                        ssh_params = SshParams}) ->
+     try ssh_transport:handle_packet_part(
+ 	  D0#data.decrypted_data_buffer,
+ 	  <<(D0#data.encrypted_data_buffer)/binary, NewData/binary>>,
+@@ -1549,10 +1551,11 @@ handle_event(info, {Proto, Sock, NewData}, StateName, D0 = #data{socket = Sock,
+ 				    ]}
+ 	    catch
+ 		C:E:ST  ->
+-                    {Shutdown, D} =  
++                    MaxLogItemLen = ?GET_OPT(max_log_item_len,SshParams#ssh.opts),
++                    {Shutdown, D} =
+                         ?send_disconnect(?SSH_DISCONNECT_PROTOCOL_ERROR,
+-                                         io_lib:format("Bad packet: Decrypted, but can't decode~n~p:~p~n~p",
+-                                                       [C,E,ST]),
++                                         io_lib:format("Bad packet: Decrypted, but can't decode~n~p:~p~n~P",
++                                                       [C,E,ST,MaxLogItemLen]),
+                                          StateName, D1),
+                     {stop, Shutdown, D}
+ 	    end;
+@@ -1583,9 +1586,11 @@ handle_event(info, {Proto, Sock, NewData}, StateName, D0 = #data{socket = Sock,
+             {stop, Shutdown, D}
+     catch
+ 	C:E:ST ->
+-            {Shutdown, D} =  
++            MaxLogItemLen = ?GET_OPT(max_log_item_len,SshParams#ssh.opts),
++            {Shutdown, D} =
+                 ?send_disconnect(?SSH_DISCONNECT_PROTOCOL_ERROR,
+-                                 io_lib:format("Bad packet: Couldn't decrypt~n~p:~p~n~p",[C,E,ST]),
++                                 io_lib:format("Bad packet: Couldn't decrypt~n~p:~p~n~P",
++                                               [C,E,ST,MaxLogItemLen]),
+                                  StateName, D0),
+             {stop, Shutdown, D}
+     end;