From 85ddd8b34ec3667d1c694bfea1db7862bc498146 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Fri, 10 Mar 2023 16:14:08 +0100
Subject: [PATCH] CVE-2023-1667:packet_cb: Log more verbose error if signature
 verification fails

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---
 src/packet_cb.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/packet_cb.c b/src/packet_cb.c
index 39575b17..3e4d5f6d 100644
--- a/src/packet_cb.c
+++ b/src/packet_cb.c
@@ -156,6 +156,9 @@ SSH_PACKET_CALLBACK(ssh_packet_newkeys){
                                   session->next_crypto->digest_len);
     SSH_SIGNATURE_FREE(sig);
     if (rc == SSH_ERROR) {
+      ssh_set_error(session,
+                    SSH_FATAL,
+                    "Failed to verify server hostkey signature");
       goto error;
     }
     SSH_LOG(SSH_LOG_PROTOCOL,"Signature verified and valid");