[src/netbsd-9]: src/crypto/external/bsd/openssh/dist Pull up following revisi...

[msaitoh <msaitoh%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/94556416e4bf
branches:  netbsd-9
changeset: 366661:94556416e4bf
user:      msaitoh <msaitoh%NetBSD.org@localhost>
date:      Mon Jun 06 03:07:03 2022 +0000

description:
Pull up following revision(s) (requested by martin in ticket #1463):

crypto/external/bsd/openssh/dist/sshkey-xmss.c  patch
crypto/external/bsd/openssh/dist/version.h      patch

        Apply upstream fix for CVE-2019-16905.
        Call this NetBSD_Secure_Shell-20220604.

diffstat:

 crypto/external/bsd/openssh/dist/sshkey-xmss.c |  7 ++++---
 crypto/external/bsd/openssh/dist/version.h     |  4 ++--
 2 files changed, 6 insertions(+), 5 deletions(-)

diffs (42 lines):

diff -r d09f4ef03085 -r 94556416e4bf crypto/external/bsd/openssh/dist/sshkey-xmss.c
--- a/crypto/external/bsd/openssh/dist/sshkey-xmss.c    Sat Jun 04 12:39:48 2022 +0000
+++ b/crypto/external/bsd/openssh/dist/sshkey-xmss.c    Mon Jun 06 03:07:03 2022 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: sshkey-xmss.c,v 1.4 2019/01/27 02:08:33 pgoyette Exp $ */
+/*     $NetBSD: sshkey-xmss.c,v 1.4.2.1 2022/06/06 03:07:03 msaitoh Exp $      */
 /* $OpenBSD: sshkey-xmss.c,v 1.3 2018/07/09 21:59:10 markus Exp $ */
 
 /*
@@ -25,7 +25,7 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #include "includes.h"
-__RCSID("$NetBSD: sshkey-xmss.c,v 1.4 2019/01/27 02:08:33 pgoyette Exp $");
+__RCSID("$NetBSD: sshkey-xmss.c,v 1.4.2.1 2022/06/06 03:07:03 msaitoh Exp $");
 
 #include <sys/types.h>
 #include <sys/uio.h>
@@ -975,7 +975,8 @@
                goto out;
        }
        /* check that an appropriate amount of auth data is present */
-       if (sshbuf_len(encoded) < encrypted_len + authlen) {
+       if (sshbuf_len(encoded) < authlen ||
+           sshbuf_len(encoded) - authlen < encrypted_len) {
                r = SSH_ERR_INVALID_FORMAT;
                goto out;
        }
diff -r d09f4ef03085 -r 94556416e4bf crypto/external/bsd/openssh/dist/version.h
--- a/crypto/external/bsd/openssh/dist/version.h        Sat Jun 04 12:39:48 2022 +0000
+++ b/crypto/external/bsd/openssh/dist/version.h        Mon Jun 06 03:07:03 2022 +0000
@@ -1,8 +1,8 @@
-/*     $NetBSD: version.h,v 1.28 2019/04/20 17:28:19 christos Exp $    */
+/*     $NetBSD: version.h,v 1.28.2.1 2022/06/06 03:07:03 msaitoh Exp $ */
 /* $OpenBSD: version.h,v 1.84 2019/04/03 15:48:45 djm Exp $ */
 
 #define __OPENSSH_VERSION      "OpenSSH_8.0"
-#define __NETBSDSSH_VERSION    "NetBSD_Secure_Shell-20190418"
+#define __NETBSDSSH_VERSION    "NetBSD_Secure_Shell-20220604"
 #define SSH_HPN         "-hpn13v14"
 #define SSH_LPK                "-lpk"
 /*