shinys000114/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-09 18:04:25 +09:00
Code Issues Packages Projects Releases Wiki Activity

options.c: Add validation against negative rsa min size

Browse Source 
The argument for RSA_MIN_SIZE ssh and sshbind option is of
(int *) type, and hence the caller can supply a pointer to a
location storing a negative value. The commit adds a check to
not allow minimum rsa key size to be set to a negative value.

Signed-off-by: Eshan Kelkar <eshankelkar@galorithm.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
This commit is contained in:
Eshan Kelkar
2024-05-14 15:20:17 +05:30
committed by Jakub Jelen
parent 414a276d2b
commit e1a64c924d
1 changed files with 16 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
src/options.c
View File

@@ -1217,6 +1217,14 @@ int ssh_options_set(ssh_session session, enum ssh_options_e type,
return -1; return -1;
} else { } else {
int *x = (int *)value; int *x = (int *)value;
if (*x < 0) {
ssh_set_error_invalid(session);
return -1;
}
/* (*x == 0) is allowed as it is used to revert to default */
if (*x > 0 && *x < 768) { if (*x > 0 && *x < 768) {
ssh_set_error(session, SSH_REQUEST_DENIED, ssh_set_error(session, SSH_REQUEST_DENIED,
"The provided value (%d) for minimal RSA key " "The provided value (%d) for minimal RSA key "
@@ -2468,6 +2476,14 @@ ssh_bind_options_set(ssh_bind sshbind,
return -1; return -1;
} else { } else {
int *x = (int *)value; int *x = (int *)value;
if (*x < 0) {
ssh_set_error_invalid(sshbind);
return -1;
}
/* (*x == 0) is allowed as it is used to revert to default */
if (*x > 0 && *x < 768) { if (*x > 0 && *x < 768) {
ssh_set_error(sshbind, ssh_set_error(sshbind,
SSH_REQUEST_DENIED, SSH_REQUEST_DENIED,