From 3ce8bf32895002ae2ad02bb50d0e04b02b2a7314 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavol=20=C5=BD=C3=A1=C4=8Dik?=
Date: Fri, 6 Mar 2026 10:41:17 +0100
Subject: [PATCH] hybrid_mlkem: Fix incomplete error handling of short ML-KEM keys
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Reported by Haruki Oyama. Independently reported by Vulnerability Disclosure
Signed-off-by: Pavol Žáčik
Reviewed-by: Jakub Jelen
---
 src/hybrid_mlkem.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/hybrid_mlkem.c b/src/hybrid_mlkem.c
index adab6a6e..d13729ab 100644
--- a/src/hybrid_mlkem.c
+++ b/src/hybrid_mlkem.c
@@ -656,6 +656,8 @@ static SSH_PACKET_CALLBACK(ssh_packet_server_hybrid_mlkem_init)
 SSH_FATAL,
 "Could not read ML-KEM pubkey from "
 "the client init buffer, buffer too short");
+ session->session_state = SSH_SESSION_STATE_ERROR;
+ goto cleanup;
 }

 #ifdef DEBUG_CRYPTO
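Review bot: The commit touches only src/hybrid_mlkem.c (2 insertions) and adds no regression test, so nothing stops the short-ML-KEM-pubkey branch in ssh_packet_server_hybrid_mlkem_init from losing its `goto cleanup;` again in a later refactor. As far as the hunk shows, the branch previously only recorded the SSH_FATAL error and then ran on past the closing brace with the key unread. A test that hands the server callback a client init buffer shorter than the ML-KEM public key and asserts the session ends in `SSH_SESSION_STATE_ERROR` would pin the fix. A one-line comment above the added lines, such as `/* Do not fall through: the ML-KEM public key was not read. */`, would make the intent explicit. The rest of the function and the `cleanup` label lie outside the hunk, so it is worth confirming there that the callback's other buffer-length checks also set the error state and jump to cleanup.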