CVE-2023-48795: Strip extensions from both kex lists for matching

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Jakub Jelen
2023-12-14 12:22:01 +01:00
committed by Andreas Schneider
parent 3876976ced
commit bdcdf92096


@@ -957,12 +957,20 @@ int ssh_kex_select_methods (ssh_session session)
enum ssh_key_exchange_e kex_type; enum ssh_key_exchange_e kex_type;
int i; int i;
/* Here we should drop the ext-info-c from the list so we avoid matching. /* Here we should drop the extensions from the list so we avoid matching.
* it. We added it to the end, so we can just truncate the string here */ * it. We added it to the end, so we can just truncate the string here */
if (session->client) {
ext_start = strstr(client->methods[SSH_KEX], "," KEX_EXTENSION_CLIENT); ext_start = strstr(client->methods[SSH_KEX], "," KEX_EXTENSION_CLIENT);
if (ext_start != NULL) { if (ext_start != NULL) {
ext_start[0] = '\0'; ext_start[0] = '\0';
} }
}
if (session->server) {
ext_start = strstr(server->methods[SSH_KEX], "," KEX_STRICT_SERVER);
if (ext_start != NULL) {
ext_start[0] = '\0';
}
}
for (i = 0; i < SSH_KEX_METHODS; i++) { for (i = 0; i < SSH_KEX_METHODS; i++) {
crypto->kex_methods[i] = ssh_find_matching(server->methods[i], crypto->kex_methods[i] = ssh_find_matching(server->methods[i],