shinys000114/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-11 18:50:28 +09:00
Code Issues Packages Projects Releases Wiki Activity

CVE-2026-0965 config: Do not attempt to read non-regular and too large configuration files

Browse Source 
Changes also the reading of known_hosts to use the new helper function

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit a5eb30dbfd)
This commit is contained in:
Jakub Jelen
2025-12-11 17:33:19 +01:00
parent 3e1d276a5a
commit bf390a0426
9 changed files with 110 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
include/libssh/misc.h
View File

@@ -36,6 +36,7 @@
#include <sys/types.h>
#include <stdbool.h>
#endif /* _WIN32 */
#include <stdio.h>
#ifdef __cplusplus
extern "C" {
@@ -136,6 +137,8 @@ int ssh_check_username_syntax(const char *username);
void ssh_proxyjumps_free(struct ssh_list *proxy_jump_list);
bool ssh_libssh_proxy_jumps(void);
FILE *ssh_strict_fopen(const char *filename, size_t max_file_size);
#ifdef __cplusplus
}
#endif

3
include/libssh/priv.h
View File

@@ -473,6 +473,9 @@ char *ssh_strerror(int err_num, char *buf, size_t buflen);
#define SSH_TTY_MODES_MAX_BUFSIZE (55 * 5 + 1)
int encode_current_tty_opts(unsigned char *buf, size_t buflen);
/** The default maximum file size for a configuration file */
#define SSH_MAX_CONFIG_FILE_SIZE 16 * 1024 * 1024
#ifdef __cplusplus
}
#endif