libssh/backport-0001-CVE-2023-1667-packet_cb-Log-more-verbose-error-if-si.patch
renmingshuai dbb2396adf fix CVE-2023-1667 and CVE-2023-2283
(cherry picked from commit e91aad514b5aa162f1bc8f4f6aa451279fe326ad)
2023-05-24 15:21:45 +08:00


From a30339d7b16da7784413e4a4667feb3604ed0458 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Fri, 10 Mar 2023 16:14:08 +0100
Subject: [PATCH] CVE-2023-1667:packet_cb: Log more verbose error if signature verification fails
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Conflict:NA
Reference:https://gitlab.com/libssh/libssh-mirror/commit/a30339d7b16da7784413e4a4667feb3604ed0458
---
src/packet_cb.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/packet_cb.c b/src/packet_cb.c
index 4e69291..d1fcfdd 100644
--- a/src/packet_cb.c
+++ b/src/packet_cb.c
@@ -156,6 +156,9 @@ SSH_PACKET_CALLBACK(ssh_packet_newkeys){
SSH_STRING_FREE(sig_blob);
ssh_signature_free(sig);
if (rc == SSH_ERROR) {
+ ssh_set_error(session,
+ SSH_FATAL,
+ "Failed to verify server hostkey signature");
goto error;
}
SSH_LOG(SSH_LOG_PROTOCOL,"Signature verified and valid");
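Review bot: the guard `if (rc == SSH_ERROR)` around the added ssh_set_error() call treats only that one return value as a failure, so any other non-success value of rc would skip the new fatal error and fall through to the "Signature verified and valid" log line. Testing `rc != SSH_OK` instead would make the failure path fail closed for every non-success result. The added message is also a fixed string; if the hostkey type or signature algorithm is available at this point, including it would make a verification failure easier to triage from client logs.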
--
2.23.0