author: Robert Hensing <robert@roberthensing.nl> 2025-10-15 22:56:55 +0200
committer: Robert Hensing <robert@roberthensing.nl> 2025-10-15 22:57:18 +0200
commit: 927bee3692602d23b1c3c384a6c96237947ec7ba
tree: 20548f990e69f55265c74ec4c97009ee276bb315 /pkgs/development/python-modules/python-openstackclient
parent: 0f4d12d67da771ab6386ef670cc71ac86f2c45a6
libgit2: fix heap buffer overflow in SSH custom credential handling

The ssh_custom_free() function was calling strlen() on binary public key data, causing a heap buffer overflow when the data wasn't null-terminated. It also caused keys with null bytes in them to be not cleared completely. This patch uses the stored publickey_len field instead of strlen() to determine the correct buffer size for zeroing memory.

This fix has been published in https://github.com/libgit2/libgit2/pull/7146

Nix uses libgit2, but not the libssh2 integration. Other applications may be affected, and need this fix.
Diffstat (limited to 'pkgs/development/python-modules/python-openstackclient')
0 files changed, 0 insertions, 0 deletions
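The pattern the commit message describes, as an added example that is not libgit2's code and not part of this commit: a binary key buffer is wiped by its stored length, and a bounded scan shows what a strlen()-based wipe would have covered. The `demo_cred` type, its functions and both key blobs are hypothetical and constructed for illustration; only the `publickey_len` field name comes from the message.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical credential record: binary key blob plus its stored length. */
struct demo_cred {
    unsigned char *publickey; /* raw bytes, may contain 0x00, no terminator */
    size_t publickey_len;     /* authoritative size of the key data */
};

/* Constructed sample blobs: KEY_A begins with NUL bytes, KEY_B has none. */
const unsigned char KEY_A[] = {0, 0, 0, 7, 's', 's', 'h', '-', 'r', 's', 'a'};
const unsigned char KEY_B[] = {0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48};

struct demo_cred *demo_cred_new(const unsigned char *key, size_t len) {
    struct demo_cred *c = malloc(sizeof *c);
    if (!c) return NULL;
    c->publickey = malloc(len ? len : 1);
    if (!c->publickey) { free(c); return NULL; }
    memcpy(c->publickey, key, len);
    c->publickey_len = len;
    return c;
}

/* Length a strlen()-based wipe would use, found with memchr() so the demo stays
 * in bounds. *overread is set when no NUL exists: real strlen() would read on. */
size_t strlen_style_len(const struct demo_cred *c, int *overread) {
    const unsigned char *nul = memchr(c->publickey, 0, c->publickey_len);
    *overread = (nul == NULL);
    return nul ? (size_t)(nul - c->publickey) : c->publickey_len;
}

/* Wipe exactly publickey_len bytes; volatile keeps the stores from being elided. */
void demo_cred_wipe(struct demo_cred *c) {
    volatile unsigned char *p = c->publickey;
    for (size_t i = 0; i < c->publickey_len; i++) p[i] = 0;
}

void demo_cred_free(struct demo_cred *c) {
    if (c) { demo_cred_wipe(c); free(c->publickey); free(c); }
}

int main(void) {
    int over;
    struct demo_cred *a = demo_cred_new(KEY_A, sizeof KEY_A);
    if (!a) return 1;
    printf("strlen-style wipe covers %zu of %zu bytes\n", strlen_style_len(a, &over), a->publickey_len);
    demo_cred_free(a);
    return 0;
}
```

For KEY_A the strlen-style length is 0, so none of the 11 bytes would be cleared; for KEY_B no terminator exists inside the buffer, which is the over-read case.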