From 6887a5bb20b2903c784336d15518271c7a451c51 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Tue, 14 Mar 2023 11:35:43 +0100
Subject: [PATCH] CVE-2023-1667:packet: Do not allow servers to initiate
 handshake

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---
 src/packet.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/packet.c b/src/packet.c
index f734a37c..ca7a03b7 100644
--- a/src/packet.c
+++ b/src/packet.c
@@ -366,6 +366,11 @@ static enum ssh_packet_filter_result_e ssh_packet_incoming_filter(ssh_session se
          * - session->dh_handhsake_state = DH_STATE_NEWKEYS_SENT
          * */
 
+        if (!session->server) {
+            rc = SSH_PACKET_DENIED;
+            break;
+        }
+
         if (session->session_state != SSH_SESSION_STATE_DH) {
             rc = SSH_PACKET_DENIED;
             break;