From 417a095e6749a1f3635e02332061edad3c6a3401 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Thu, 8 Jan 2026 12:09:50 +0100
Subject: [PATCH] CVE-2026-0966 misc: Avoid heap buffer underflow in
 ssh_get_hexa
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Pavol Žáčik <pzacik@redhat.com>
---
 src/misc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/misc.c b/src/misc.c
index f4e48f62..4a01f908 100644
--- a/src/misc.c
+++ b/src/misc.c
@@ -499,7 +499,7 @@ ssh_get_hexa_internal(const unsigned char *what, size_t len, bool colons)
     size_t bytes_per_byte = 2 + (colons ? 1 : 0);
     size_t hlen = len * bytes_per_byte;
 
-    if (len > (UINT_MAX - 1) / bytes_per_byte) {
+    if (what == NULL || len < 1 || len > (UINT_MAX - 1) / bytes_per_byte) {
         return NULL;
     }