1 files changed, 31 insertions, 0 deletions

diff --git a/backport-libssh2-set-length-to-0-if-strdup-failed.patch b/backport-libssh2-set-length-to-0-if-strdup-failed.patch
new file mode 100644
index 0000000..eeeb7c0
--- /dev/null
+++ b/backport-libssh2-set-length-to-0-if-strdup-failed.patch
@@ -0,0 +1,31 @@
+From 6f3204820052263f488f86e02c206e1d24c4da2c Mon Sep 17 00:00:00 2001
+From: Tobias Stoeckmann <tobias@stoeckmann.org>
+Date: Thu, 28 Mar 2024 00:38:09 +0100
+Subject: [PATCH] libssh2: set length to 0 if strdup failed
+
+Internally, libssh2 dereferences the NULL pointer if length is non-zero.
+The callback function cannot return the error condition, so at least
+prevent subsequent crash.
+
+Closes #13213
+
+Conflict:NA
+Reference:https://github.com/curl/curl/commit/6f3204820052263f488f86e02c206e1d24c4da2c
+---
+ lib/vssh/libssh2.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/lib/vssh/libssh2.c b/lib/vssh/libssh2.c
+index 3cfbe126c69df3..7d8d5f46571e9f 100644
+--- a/lib/vssh/libssh2.c
++++ b/lib/vssh/libssh2.c
+@@ -201,7 +201,8 @@ kbd_callback(const char *name, int name_len, const char *instruction,
+   if(num_prompts == 1) {
+     struct connectdata *conn = data->conn;
+     responses[0].text = strdup(conn->passwd);
+-    responses[0].length = curlx_uztoui(strlen(conn->passwd));
++    responses[0].length =
++      responses[0].text == NULL ? 0 : curlx_uztoui(strlen(conn->passwd));
+   }
+   (void)prompts;
+ } /* kbd_callback */