CVE-2023-1667:packet_cb: Log more verbose error if signature verification fails

Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2026-02-04 12:20:42 +09:00 · 2023-03-10 16:14:08 +01:00
parent 4637c87f2d
commit 85ddd8b34e
1 changed files with 3 additions and 0 deletions
--- a/src/packet_cb.c
+++ b/src/packet_cb.c
@@ -156,6 +156,9 @@ SSH_PACKET_CALLBACK(ssh_packet_newkeys){
                                  session->next_crypto->digest_len);
    SSH_SIGNATURE_FREE(sig);
    if (rc == SSH_ERROR) {
+      ssh_set_error(session,
+                    SSH_FATAL,
+                    "Failed to verify server hostkey signature");
      goto error;
    }
    SSH_LOG(SSH_LOG_PROTOCOL,"Signature verified and valid");