shinys000114/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-11 10:40:27 +09:00
Code Issues Packages Projects Releases Wiki Activity

CVE-2023-1667:kex: Properly conditionalize server code

Browse Source 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This commit is contained in:
Jakub Jelen
2023-04-28 16:34:13 +02:00
committed by Andreas Schneider
parent 070f679767
commit 3981aeede2
1 changed files with 9 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/kex.c
View File

@@ -369,6 +369,7 @@ SSH_PACKET_CALLBACK(ssh_packet_kexinit)
} }
if (server_kex) { if (server_kex) {
#ifdef WITH_SERVER
len = ssh_buffer_get_data(packet, crypto->client_kex.cookie, 16); len = ssh_buffer_get_data(packet, crypto->client_kex.cookie, 16);
if (len != 16) { if (len != 16) {
ssh_set_error(session, SSH_FATAL, ssh_set_error(session, SSH_FATAL,
@@ -382,6 +383,7 @@ SSH_PACKET_CALLBACK(ssh_packet_kexinit)
"ssh_packet_kexinit: adding cookie failed"); "ssh_packet_kexinit: adding cookie failed");
goto error; goto error;
} }
#endif /* WITH_SERVER */
} else { } else {
len = ssh_buffer_get_data(packet, crypto->server_kex.cookie, 16); len = ssh_buffer_get_data(packet, crypto->server_kex.cookie, 16);
if (len != 16) { if (len != 16) {
@@ -422,9 +424,11 @@ SSH_PACKET_CALLBACK(ssh_packet_kexinit)
/* copy the peer kex info into an array of strings */ /* copy the peer kex info into an array of strings */
if (server_kex) { if (server_kex) {
#ifdef WITH_SERVER
for (i = 0; i < SSH_KEX_METHODS; i++) { for (i = 0; i < SSH_KEX_METHODS; i++) {
crypto->client_kex.methods[i] = strings[i]; crypto->client_kex.methods[i] = strings[i];
} }
#endif /* WITH_SERVER */
} else { /* client */ } else { /* client */
for (i = 0; i < SSH_KEX_METHODS; i++) { for (i = 0; i < SSH_KEX_METHODS; i++) {
crypto->server_kex.methods[i] = strings[i]; crypto->server_kex.methods[i] = strings[i];
@@ -441,6 +445,8 @@ SSH_PACKET_CALLBACK(ssh_packet_kexinit)
* that its value is included when computing the session ID (see * that its value is included when computing the session ID (see
* 'make_sessionid'). * 'make_sessionid').
*/ */
#ifdef WITH_SERVER
if (server_kex) { if (server_kex) {
rc = ssh_buffer_get_u8(packet, &first_kex_packet_follows); rc = ssh_buffer_get_u8(packet, &first_kex_packet_follows);
if (rc != 1) { if (rc != 1) {
@@ -542,6 +548,7 @@ SSH_PACKET_CALLBACK(ssh_packet_kexinit)
session->next_crypto->server_kex.methods[SSH_HOSTKEYS]); session->next_crypto->server_kex.methods[SSH_HOSTKEYS]);
} }
} }
#endif /* WITH_SERVER */
/* Note, that his overwrites authenticated state in case of rekeying */ /* Note, that his overwrites authenticated state in case of rekeying */
session->session_state = SSH_SESSION_STATE_KEXINIT_RECEIVED; session->session_state = SSH_SESSION_STATE_KEXINIT_RECEIVED;
@@ -553,7 +560,9 @@ error:
SSH_STRING_FREE(str); SSH_STRING_FREE(str);
for (i = 0; i < SSH_KEX_METHODS; i++) { for (i = 0; i < SSH_KEX_METHODS; i++) {
if (server_kex) { if (server_kex) {
#ifdef WITH_SERVER
session->next_crypto->client_kex.methods[i] = NULL; session->next_crypto->client_kex.methods[i] = NULL;
#endif /* WITH_SERVER */
} else { /* client */ } else { /* client */
session->next_crypto->server_kex.methods[i] = NULL; session->next_crypto->server_kex.methods[i] = NULL;
} }