!65 [sync] PR-62: fix CVE-2023-6004, CVE-2023-6918 and CVE-2023-48795

From: @openeuler-sync-bot 
Reviewed-by: @gebidelidaye 
Signed-off-by: @gebidelidaye

backport-0001-CVE-2023-48795-client-side-mitigation.patch

@@ -0,0 +1,453 @@
+From 87b93be5a2071be782aa84aa5a91544b18959d5e Mon Sep 17 00:00:00 2001
+From: Aris Adamantiadis <aris@0xbadc0de.be>
+Date: Tue, 12 Dec 2023 23:09:57 +0100
+Subject: [PATCH 1/4] CVE-2023-48795: client side mitigation
+
+Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
+Signed-off-by: Jakub Jelen <jjelen@redhat.com>
+Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
+
+Conflict: NA
+Reference:https://gitlab.com/libssh/libssh-mirror/-/commit/87b93be5a2071be782aa84aa5a91544b18959d5e
+---
+ include/libssh/packet.h  |  1 +
+ include/libssh/session.h |  6 +++++
+ src/curve25519.c         | 19 +++----------
+ src/dh-gex.c             |  7 +----
+ src/dh.c                 | 17 +++---------
+ src/ecdh.c               |  8 +-----
+ src/ecdh_crypto.c        | 12 +++------
+ src/ecdh_gcrypt.c        | 10 +++----
+ src/ecdh_mbedcrypto.c    | 11 +++-----
+ src/kex.c                | 34 +++++++++++++++++++----
+ src/packet.c             | 58 ++++++++++++++++++++++++++++++++++++++++
+ src/packet_cb.c          | 12 +++++++++
+ 12 files changed, 126 insertions(+), 69 deletions(-)
+
+diff --git a/include/libssh/packet.h b/include/libssh/packet.h
+index 561bba8e..c6fbc3fc 100644
+--- a/include/libssh/packet.h
++++ b/include/libssh/packet.h
+@@ -63,6 +63,7 @@ SSH_PACKET_CALLBACK(ssh_packet_ext_info);
+ SSH_PACKET_CALLBACK(ssh_packet_kexdh_init);
+ #endif
+ 
++int ssh_packet_send_newkeys(ssh_session session);
+ int ssh_packet_send_unimplemented(ssh_session session, uint32_t seqnum);
+ int ssh_packet_parse_type(ssh_session session);
+ //int packet_flush(ssh_session session, int enforce_blocking);
+diff --git a/include/libssh/session.h b/include/libssh/session.h
+index 64e118ef..3cde0dd4 100644
+--- a/include/libssh/session.h
++++ b/include/libssh/session.h
+@@ -80,6 +80,12 @@ enum ssh_pending_call_e {
+  * sending it twice during key exchange to simplify the state machine. */
+ #define SSH_SESSION_FLAG_KEXINIT_SENT 4
+ 
++/* The current SSH2 session implements the "strict KEX" feature and should behave
++ * differently on SSH2_MSG_NEWKEYS. */
++#define SSH_SESSION_FLAG_KEX_STRICT 0x0010
++/* Unexpected packets have been sent while the session was still unencrypted */
++#define SSH_SESSION_FLAG_KEX_TAINTED 0x0020
++
+ /* codes to use with ssh_handle_packets*() */
+ /* Infinite timeout */
+ #define SSH_TIMEOUT_INFINITE -1
+diff --git a/src/curve25519.c b/src/curve25519.c
+index 37654438..6b7b4238 100644
+--- a/src/curve25519.c
++++ b/src/curve25519.c
+@@ -335,16 +335,10 @@ static SSH_PACKET_CALLBACK(ssh_packet_client_curve25519_reply){
+   }
+ 
+   /* Send the MSG_NEWKEYS */
+-  if (ssh_buffer_add_u8(session->out_buffer, SSH2_MSG_NEWKEYS) < 0) {
+-    goto error;
+-  }
+-
+-  rc=ssh_packet_send(session);
++  rc = ssh_packet_send_newkeys(session);
+   if (rc == SSH_ERROR) {
+     goto error;
+   }
+-
+-  SSH_LOG(SSH_LOG_PROTOCOL, "SSH_MSG_NEWKEYS sent");
+   session->dh_handshake_state = DH_STATE_NEWKEYS_SENT;
+ 
+   return SSH_PACKET_USED;
+@@ -502,18 +496,13 @@ static SSH_PACKET_CALLBACK(ssh_packet_server_curve25519_init){
+         return SSH_ERROR;
+     }
+ 
+-    /* Send the MSG_NEWKEYS */
+-    rc = ssh_buffer_add_u8(session->out_buffer, SSH2_MSG_NEWKEYS);
+-    if (rc < 0) {
+-        goto error;
+-    }
+-
+     session->dh_handshake_state = DH_STATE_NEWKEYS_SENT;
+-    rc = ssh_packet_send(session);
++
++    /* Send the MSG_NEWKEYS */
++    rc = ssh_packet_send_newkeys(session);
+     if (rc == SSH_ERROR) {
+         goto error;
+     }
+-    SSH_LOG(SSH_LOG_PROTOCOL, "SSH_MSG_NEWKEYS sent");
+ 
+     return SSH_PACKET_USED;
+ error:
+diff --git a/src/dh-gex.c b/src/dh-gex.c
+index 4a298542..f1880270 100644
+--- a/src/dh-gex.c
++++ b/src/dh-gex.c
+@@ -287,15 +287,10 @@ static SSH_PACKET_CALLBACK(ssh_packet_client_dhgex_reply)
+     }
+ 
+     /* Send the MSG_NEWKEYS */
+-    if (ssh_buffer_add_u8(session->out_buffer, SSH2_MSG_NEWKEYS) < 0) {
+-        goto error;
+-    }
+-
+-    rc = ssh_packet_send(session);
++    rc = ssh_packet_send_newkeys(session);
+     if (rc == SSH_ERROR) {
+         goto error;
+     }
+-    SSH_LOG(SSH_LOG_PROTOCOL, "SSH_MSG_NEWKEYS sent");
+     session->dh_handshake_state = DH_STATE_NEWKEYS_SENT;
+ 
+     return SSH_PACKET_USED;
+diff --git a/src/dh.c b/src/dh.c
+index c265efcb..1d519c63 100644
+--- a/src/dh.c
++++ b/src/dh.c
+@@ -386,16 +386,10 @@ SSH_PACKET_CALLBACK(ssh_packet_client_dh_reply){
+   }
+ 
+   /* Send the MSG_NEWKEYS */
+-  if (ssh_buffer_add_u8(session->out_buffer, SSH2_MSG_NEWKEYS) < 0) {
+-    goto error;
+-  }
+-
+-  rc=ssh_packet_send(session);
++  rc = ssh_packet_send_newkeys(session);
+   if (rc == SSH_ERROR) {
+     goto error;
+   }
+-
+-  SSH_LOG(SSH_LOG_PROTOCOL, "SSH_MSG_NEWKEYS sent");
+   session->dh_handshake_state = DH_STATE_NEWKEYS_SENT;
+   return SSH_PACKET_USED;
+ error:
+@@ -532,15 +526,12 @@ int ssh_server_dh_process_init(ssh_session session, ssh_buffer packet)
+     }
+     SSH_LOG(SSH_LOG_DEBUG, "Sent KEX_DH_[GEX]_REPLY");
+ 
+-    if (ssh_buffer_add_u8(session->out_buffer, SSH2_MSG_NEWKEYS) < 0) {
+-        ssh_buffer_reinit(session->out_buffer);
+-        goto error;
+-    }
+     session->dh_handshake_state=DH_STATE_NEWKEYS_SENT;
+-    if (ssh_packet_send(session) == SSH_ERROR) {
++    /* Send the MSG_NEWKEYS */
++    rc = ssh_packet_send_newkeys(session);
++    if (rc == SSH_ERROR) {
+         goto error;
+     }
+-    SSH_LOG(SSH_LOG_PACKET, "SSH_MSG_NEWKEYS sent");
+ 
+     return SSH_OK;
+ error:
+diff --git a/src/ecdh.c b/src/ecdh.c
+index e5b11ba9..af80beec 100644
+--- a/src/ecdh.c
++++ b/src/ecdh.c
+@@ -93,16 +93,10 @@ SSH_PACKET_CALLBACK(ssh_packet_client_ecdh_reply){
+   }
+ 
+   /* Send the MSG_NEWKEYS */
+-  if (ssh_buffer_add_u8(session->out_buffer, SSH2_MSG_NEWKEYS) < 0) {
+-    goto error;
+-  }
+-
+-  rc=ssh_packet_send(session);
++  rc = ssh_packet_send_newkeys(session);
+   if (rc == SSH_ERROR) {
+     goto error;
+   }
+-
+-  SSH_LOG(SSH_LOG_PROTOCOL, "SSH_MSG_NEWKEYS sent");
+   session->dh_handshake_state = DH_STATE_NEWKEYS_SENT;
+ 
+   return SSH_PACKET_USED;
+diff --git a/src/ecdh_crypto.c b/src/ecdh_crypto.c
+index a1de27fd..62578c1b 100644
+--- a/src/ecdh_crypto.c
++++ b/src/ecdh_crypto.c
+@@ -323,18 +323,12 @@ SSH_PACKET_CALLBACK(ssh_packet_server_ecdh_init){
+         goto error;
+     }
+ 
+-    /* Send the MSG_NEWKEYS */
+-    rc = ssh_buffer_add_u8(session->out_buffer, SSH2_MSG_NEWKEYS);
+-    if (rc < 0) {
+-        goto error;
+-    }
+-
+     session->dh_handshake_state = DH_STATE_NEWKEYS_SENT;
+-    rc = ssh_packet_send(session);
+-    if (rc == SSH_ERROR){
++    /* Send the MSG_NEWKEYS */
++    rc = ssh_packet_send_newkeys(session);
++    if (rc == SSH_ERROR) {
+         goto error;
+     }
+-    SSH_LOG(SSH_LOG_PROTOCOL, "SSH_MSG_NEWKEYS sent");
+ 
+     return SSH_PACKET_USED;
+ error:
+diff --git a/src/ecdh_gcrypt.c b/src/ecdh_gcrypt.c
+index d9c41bf9..dd4332d7 100644
+--- a/src/ecdh_gcrypt.c
++++ b/src/ecdh_gcrypt.c
+@@ -372,17 +372,13 @@ SSH_PACKET_CALLBACK(ssh_packet_server_ecdh_init){
+         goto out;
+     }
+ 
+-
++    session->dh_handshake_state = DH_STATE_NEWKEYS_SENT;
+     /* Send the MSG_NEWKEYS */
+-    rc = ssh_buffer_add_u8(session->out_buffer, SSH2_MSG_NEWKEYS);
+-    if (rc != SSH_OK) {
++    rc = ssh_packet_send_newkeys(session);
++    if (rc == SSH_ERROR) {
+         goto out;
+     }
+ 
+-    session->dh_handshake_state = DH_STATE_NEWKEYS_SENT;
+-    rc = ssh_packet_send(session);
+-    SSH_LOG(SSH_LOG_PROTOCOL, "SSH_MSG_NEWKEYS sent");
+-
+  out:
+     gcry_sexp_release(param);
+     gcry_sexp_release(key);
+diff --git a/src/ecdh_mbedcrypto.c b/src/ecdh_mbedcrypto.c
+index 718f1522..45251a42 100644
+--- a/src/ecdh_mbedcrypto.c
++++ b/src/ecdh_mbedcrypto.c
+@@ -300,16 +300,13 @@ SSH_PACKET_CALLBACK(ssh_packet_server_ecdh_init){
+         goto out;
+     }
+ 
+-    rc = ssh_buffer_add_u8(session->out_buffer, SSH2_MSG_NEWKEYS);
+-    if (rc < 0) {
+-        rc = SSH_ERROR;
++    session->dh_handshake_state = DH_STATE_NEWKEYS_SENT;
++    /* Send the MSG_NEWKEYS */
++    rc = ssh_packet_send_newkeys(session);
++    if (rc == SSH_ERROR) {
+         goto out;
+     }
+ 
+-    session->dh_handshake_state = DH_STATE_NEWKEYS_SENT;
+-    rc = ssh_packet_send(session);
+-    SSH_LOG(SSH_LOG_PROTOCOL, "SSH_MSG_NEWKEYS sent");
+-
+ out:
+     mbedtls_ecp_group_free(&grp);
+     if (rc == SSH_ERROR) {
+diff --git a/src/kex.c b/src/kex.c
+index 3e5ca6ad..0772cae8 100644
+--- a/src/kex.c
++++ b/src/kex.c
+@@ -163,6 +163,9 @@
+ 
+ /* RFC 8308 */
+ #define KEX_EXTENSION_CLIENT "ext-info-c"
++/* Strict kex mitigation against CVE-2023-48795 */
++#define KEX_STRICT_CLIENT "kex-strict-c-v00@openssh.com"
++#define KEX_STRICT_SERVER "kex-strict-s-v00@openssh.com"
+ 
+ /* Allowed algorithms in FIPS mode */
+ #define FIPS_ALLOWED_CIPHERS "aes256-gcm@openssh.com,"\
+@@ -491,6 +494,27 @@ SSH_PACKET_CALLBACK(ssh_packet_kexinit)
+                     session->first_kex_follows_guess_wrong ? "wrong" : "right");
+     }
+ 
++    /*
++     * handle the "strict KEX" feature. If supported by peer, then set up the
++     * flag and verify packet sequence numbers.
++     */
++    if (server_kex) {
++        ok = ssh_match_group(session->next_crypto->client_kex.methods[SSH_KEX],
++                             KEX_STRICT_CLIENT);
++        if (ok) {
++            SSH_LOG(SSH_LOG_DEBUG, "Client supports strict kex, enabling.");
++            session->flags |= SSH_SESSION_FLAG_KEX_STRICT;
++        }
++    } else {
++        /* client kex */
++        ok = ssh_match_group(session->next_crypto->server_kex.methods[SSH_KEX],
++                             KEX_STRICT_SERVER);
++        if (ok) {
++            SSH_LOG(SSH_LOG_DEBUG, "Server supports strict kex, enabling.");
++            session->flags |= SSH_SESSION_FLAG_KEX_STRICT;
++        }
++    }
++
+     if (server_kex) {
+         /*
+          * If client sent a ext-info-c message in the kex list, it supports
+@@ -767,21 +791,21 @@ int ssh_set_client_kex(ssh_session session)
+         return SSH_OK;
+     }
+ 
+-    /* Here we append  ext-info-c  to the list of kex algorithms */
++    /* Here we append ext-info-c and kex-strict-c-v00@openssh.com to the list of kex algorithms */
+     kex = client->methods[SSH_KEX];
+     len = strlen(kex);
+-    if (len + strlen(KEX_EXTENSION_CLIENT) + 2 < len) {
++    /* Comma, comma, nul byte */
++    kex_len = len + 1 + strlen(KEX_EXTENSION_CLIENT) + 1 + strlen(KEX_STRICT_CLIENT ) + 1;
++    if (kex_len >= MAX_PACKET_LEN) {
+         /* Overflow */
+         return SSH_ERROR;
+     }
+-    kex_len = len + strlen(KEX_EXTENSION_CLIENT) + 2; /* comma, NULL */
+     kex_tmp = realloc(kex, kex_len);
+     if (kex_tmp == NULL) {
+-        free(kex);
+         ssh_set_error_oom(session);
+         return SSH_ERROR;
+     }
+-    snprintf(kex_tmp + len, kex_len - len, ",%s", KEX_EXTENSION_CLIENT);
++    snprintf(kex_tmp + len, kex_len - len, ",%s,%s", KEX_EXTENSION_CLIENT, KEX_STRICT_CLIENT);
+     client->methods[SSH_KEX] = kex_tmp;
+ 
+     return SSH_OK;
+diff --git a/src/packet.c b/src/packet.c
+index ca7a03b7..82965fb3 100644
+--- a/src/packet.c
++++ b/src/packet.c
+@@ -1309,6 +1309,19 @@ int ssh_packet_socket_callback(const void *data, size_t receivedlen, void *user)
+             }
+ #endif /* WITH_ZLIB */
+             payloadsize = ssh_buffer_get_len(session->in_buffer);
++            if (session->recv_seq == UINT32_MAX) {
++                /* Overflowing sequence numbers is always fishy */
++                if (crypto == NULL) {
++                    /* don't allow sequence number overflow when unencrypted */
++                    ssh_set_error(session,
++                                  SSH_FATAL,
++                                  "Incoming sequence number overflow");
++                    goto error;
++                } else {
++                    SSH_LOG(SSH_LOG_WARNING,
++                            "Incoming sequence number overflow");
++                }
++            }
+             session->recv_seq++;
+             if (crypto != NULL) {
+                 struct ssh_cipher_struct *cipher = NULL;
+@@ -1331,7 +1344,19 @@ int ssh_packet_socket_callback(const void *data, size_t receivedlen, void *user)
+             SSH_LOG(SSH_LOG_PACKET,
+                     "packet: read type %hhd [len=%d,padding=%hhd,comp=%d,payload=%d]",
+                     session->in_packet.type, packet_len, padding, compsize, payloadsize);
++            if (crypto == NULL) {
++                /* In strict kex, only a few packets are allowed. Taint the session
++                 * if we received packets that are normally allowed but to be
++                 * refused if we are in strict kex when KEX is over.
++                 */
++                uint8_t type = session->in_packet.type;
+ 
++                if (type != SSH2_MSG_KEXINIT && type != SSH2_MSG_NEWKEYS &&
++                    (type < SSH2_MSG_KEXDH_INIT ||
++                     type > SSH2_MSG_KEX_DH_GEX_REQUEST)) {
++                    session->flags |= SSH_SESSION_FLAG_KEX_TAINTED;
++                }
++            }
+             /* Check if the packet is expected */
+             filter_result = ssh_packet_incoming_filter(session);
+ 
+@@ -1347,6 +1372,9 @@ int ssh_packet_socket_callback(const void *data, size_t receivedlen, void *user)
+                               session->in_packet.type);
+                 goto error;
+             case SSH_PACKET_UNKNOWN:
++                if (crypto == NULL) {
++                    session->flags |= SSH_SESSION_FLAG_KEX_TAINTED;
++                }
+                 ssh_packet_send_unimplemented(session, session->recv_seq - 1);
+                 break;
+             }
+@@ -1521,7 +1549,33 @@ void ssh_packet_process(ssh_session session, uint8_t type)
+             SSH_LOG(SSH_LOG_RARE, "Failed to send unimplemented: %s",
+                     ssh_get_error(session));
+         }
++        if (session->current_crypto == NULL) {
++            session->flags |= SSH_SESSION_FLAG_KEX_TAINTED;
++        }
++    }
++}
++
++/** @internal
++ * @brief sends a SSH_MSG_NEWKEYS when enabling the new negotiated ciphers
++ * @param session the SSH session
++ * @return SSH_ERROR on error, else SSH_OK
++ */
++int ssh_packet_send_newkeys(ssh_session session)
++{
++    int rc;
++
++    /* Send the MSG_NEWKEYS */
++    rc = ssh_buffer_add_u8(session->out_buffer, SSH2_MSG_NEWKEYS);
++    if (rc < 0) {
++        return rc;
+     }
++
++    rc = ssh_packet_send(session);
++    if (rc == SSH_ERROR) {
++        return rc;
++    }
++    SSH_LOG(SSH_LOG_DEBUG, "SSH_MSG_NEWKEYS sent");
++    return rc;
+ }
+ 
+ /** @internal
+@@ -1829,6 +1883,10 @@ int ssh_packet_send(ssh_session session)
+     if (rc == SSH_OK && type == SSH2_MSG_NEWKEYS) {
+         struct ssh_iterator *it;
+ 
++        if (session->flags & SSH_SESSION_FLAG_KEX_STRICT) {
++            /* reset packet sequence number when running in strict kex mode */
++            session->send_seq = 0;
++        }
+         for (it = ssh_list_get_iterator(session->out_queue);
+              it != NULL;
+              it = ssh_list_get_iterator(session->out_queue)) {
+diff --git a/src/packet_cb.c b/src/packet_cb.c
+index 3e4d5f6d..a08f1d8a 100644
+--- a/src/packet_cb.c
++++ b/src/packet_cb.c
+@@ -110,6 +110,18 @@ SSH_PACKET_CALLBACK(ssh_packet_newkeys){
+       goto error;
+   }
+ 
++  if (session->flags & SSH_SESSION_FLAG_KEX_STRICT) {
++      /* reset packet sequence number when running in strict kex mode */
++      session->recv_seq = 0;
++      /* Check that we aren't tainted */
++      if (session->flags & SSH_SESSION_FLAG_KEX_TAINTED) {
++          ssh_set_error(session,
++                        SSH_FATAL,
++                        "Received unexpected packets in strict KEX mode.");
++          goto error;
++      }
++  }
++
+   if(session->server){
+     /* server things are done in server.c */
+     session->dh_handshake_state=DH_STATE_FINISHED;
+-- 
+2.33.0
+

backport-0001-CVE-2023-6004-config_parser-Allow-multiple-in-userna.patch

@@ -0,0 +1,31 @@
+From c3234e5f94b96d6e29f0c1c82821c1e3ebb181ed Mon Sep 17 00:00:00 2001
+From: Norbert Pocs <norbertpocs0@gmail.com>
+Date: Wed, 1 Nov 2023 11:24:43 +0100
+Subject: [PATCH 1/9] CVE-2023-6004: config_parser: Allow multiple '@' in
+ usernames
+
+Signed-off-by: Norbert Pocs <norbertpocs0@gmail.com>
+Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
+
+Conflict: NA
+Reference:https://git.libssh.org/projects/libssh.git/patch/?id=c3234e5f94b96d6e29f0c1c82821c1e3ebb181ed
+---
+ src/config_parser.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/config_parser.c b/src/config_parser.c
+index ae2aa2c8..76cca224 100644
+--- a/src/config_parser.c
++++ b/src/config_parser.c
+@@ -152,7 +152,7 @@ int ssh_config_parse_uri(const char *tok,
+     }
+ 
+     /* Username part (optional) */
+-    endp = strchr(tok, '@');
++    endp = strrchr(tok, '@');
+     if (endp != NULL) {
+         /* Zero-length username is not valid */
+         if (tok == endp) {
+-- 
+2.33.0
+

backport-0001-CVE-2023-6918-kdf-Reformat.patch

@@ -0,0 +1,75 @@
+From 93c1dbd69f07f324c6aa1ab9296a632489cd3ead Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Fri, 15 Dec 2023 10:30:09 +0100
+Subject: [PATCH 1/5] CVE-2023-6918: kdf: Reformat
+
+Signed-off-by: Jakub Jelen <jjelen@redhat.com>
+Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
+
+Conflict: NA
+Reference:https://gitlab.com/libssh/libssh-mirror/-/commit/93c1dbd69f07f324c6aa1ab9296a632489cd3ead
+---
+ src/kdf.c | 20 +++++++++++---------
+ 1 file changed, 11 insertions(+), 9 deletions(-)
+
+diff --git a/src/kdf.c b/src/kdf.c
+index 09644739..656a38ed 100644
+--- a/src/kdf.c
++++ b/src/kdf.c
+@@ -58,7 +58,7 @@ static ssh_mac_ctx ssh_mac_ctx_init(enum ssh_kdf_digest type)
+     }
+ 
+     ctx->digest_type = type;
+-    switch(type){
++    switch (type) {
+     case SSH_KDF_SHA1:
+         ctx->ctx.sha1_ctx = sha1_init();
+         return ctx;
+@@ -79,7 +79,7 @@ static ssh_mac_ctx ssh_mac_ctx_init(enum ssh_kdf_digest type)
+ 
+ static void ssh_mac_update(ssh_mac_ctx ctx, const void *data, size_t len)
+ {
+-    switch(ctx->digest_type){
++    switch (ctx->digest_type) {
+     case SSH_KDF_SHA1:
+         sha1_update(ctx->ctx.sha1_ctx, data, len);
+         break;
+@@ -97,26 +97,28 @@ static void ssh_mac_update(ssh_mac_ctx ctx, const void *data, size_t len)
+ 
+ static void ssh_mac_final(unsigned char *md, ssh_mac_ctx ctx)
+ {
+-    switch(ctx->digest_type){
++    switch (ctx->digest_type) {
+     case SSH_KDF_SHA1:
+-        sha1_final(md,ctx->ctx.sha1_ctx);
++        sha1_final(md, ctx->ctx.sha1_ctx);
+         break;
+     case SSH_KDF_SHA256:
+-        sha256_final(md,ctx->ctx.sha256_ctx);
++        sha256_final(md, ctx->ctx.sha256_ctx);
+         break;
+     case SSH_KDF_SHA384:
+-        sha384_final(md,ctx->ctx.sha384_ctx);
++        sha384_final(md, ctx->ctx.sha384_ctx);
+         break;
+     case SSH_KDF_SHA512:
+-        sha512_final(md,ctx->ctx.sha512_ctx);
++        sha512_final(md, ctx->ctx.sha512_ctx);
+         break;
+     }
+     SAFE_FREE(ctx);
+ }
+ 
+ int sshkdf_derive_key(struct ssh_crypto_struct *crypto,
+-                      unsigned char *key, size_t key_len,
+-                      uint8_t key_type, unsigned char *output,
++                      unsigned char *key, 
++                      size_t key_len,
++                      int key_type, 
++                      unsigned char *output,
+                       size_t requested_len)
+ {
+     /* Can't use VLAs with Visual Studio, so allocate the biggest
+-- 
+2.33.0
+

backport-0002-CVE-2023-48795-Server-side-mitigations.patch

@@ -0,0 +1,125 @@
+From fd4948255560039b51c2d61f0a62784ed8b6f5a6 Mon Sep 17 00:00:00 2001
+From: Aris Adamantiadis <aris@0xbadc0de.be>
+Date: Tue, 12 Dec 2023 23:30:26 +0100
+Subject: [PATCH 2/4] CVE-2023-48795: Server side mitigations
+
+Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
+Signed-off-by: Jakub Jelen <jjelen@redhat.com>
+Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
+
+Conflict: NA
+Reference: https://gitlab.com/libssh/libssh-mirror/-/commit/fd4948255560039b51c2d61f0a62784ed8b6f5a6
+---
+ include/libssh/kex.h |  1 +
+ src/kex.c            | 46 ++++++++++++++++++++++++++++++++++----------
+ src/server.c         |  8 +++++++-
+ 3 files changed, 44 insertions(+), 11 deletions(-)
+
+diff --git a/include/libssh/kex.h b/include/libssh/kex.h
+index 2ace69b6..40da4ef2 100644
+--- a/include/libssh/kex.h
++++ b/include/libssh/kex.h
+@@ -36,6 +36,7 @@ SSH_PACKET_CALLBACK(ssh_packet_kexinit);
+ int ssh_send_kex(ssh_session session);
+ void ssh_list_kex(struct ssh_kex_struct *kex);
+ int ssh_set_client_kex(ssh_session session);
++int ssh_kex_append_extensions(ssh_session session, struct ssh_kex_struct *pkex);
+ int ssh_kex_select_methods(ssh_session session);
+ int ssh_verify_existing_algo(enum ssh_kex_types_e algo, const char *name);
+ char *ssh_keep_known_algos(enum ssh_kex_types_e algo, const char *list);
+diff --git a/src/kex.c b/src/kex.c
+index 0772cae8..e37c176c 100644
+--- a/src/kex.c
++++ b/src/kex.c
+@@ -738,11 +738,8 @@ int ssh_set_client_kex(ssh_session session)
+ {
+     struct ssh_kex_struct *client = &session->next_crypto->client_kex;
+     const char *wanted;
+-    char *kex = NULL;
+-    char *kex_tmp = NULL;
+     int ok;
+     int i;
+-    size_t kex_len, len;
+ 
+     /* Skip if already set, for example for the rekey or when we do the guessing
+      * it could have been already used to make some protocol decisions. */
+@@ -791,11 +788,33 @@ int ssh_set_client_kex(ssh_session session)
+         return SSH_OK;
+     }
+ 
+-    /* Here we append ext-info-c and kex-strict-c-v00@openssh.com to the list of kex algorithms */
+-    kex = client->methods[SSH_KEX];
++    ok = ssh_kex_append_extensions(session, client);
++    if (ok != SSH_OK){
++        return ok;
++    }
++
++    return SSH_OK;
++}
++
++int ssh_kex_append_extensions(ssh_session session, struct ssh_kex_struct *pkex)
++{
++    char *kex = NULL;
++    char *kex_tmp = NULL;
++    size_t kex_len, len;
++
++    /* Here we append ext-info-c and kex-strict-c-v00@openssh.com for client
++     * and kex-strict-s-v00@openssh.com for server to the list of kex algorithms
++     */
++    kex = pkex->methods[SSH_KEX];
+     len = strlen(kex);
+-    /* Comma, comma, nul byte */
+-    kex_len = len + 1 + strlen(KEX_EXTENSION_CLIENT) + 1 + strlen(KEX_STRICT_CLIENT ) + 1;
++    if (session->server) {
++        /* Comma, nul byte */
++        kex_len = len + 1 + strlen(KEX_STRICT_SERVER) + 1;
++    } else {
++        /* Comma, comma, nul byte */
++        kex_len = len + 1 + strlen(KEX_EXTENSION_CLIENT) + 1 +
++                  strlen(KEX_STRICT_CLIENT) + 1;
++    }
+     if (kex_len >= MAX_PACKET_LEN) {
+         /* Overflow */
+         return SSH_ERROR;
+@@ -805,9 +824,16 @@ int ssh_set_client_kex(ssh_session session)
+         ssh_set_error_oom(session);
+         return SSH_ERROR;
+     }
+-    snprintf(kex_tmp + len, kex_len - len, ",%s,%s", KEX_EXTENSION_CLIENT, KEX_STRICT_CLIENT);
+-    client->methods[SSH_KEX] = kex_tmp;
+-
++    if (session->server){
++        snprintf(kex_tmp + len, kex_len - len, ",%s", KEX_STRICT_SERVER);
++    } else {
++        snprintf(kex_tmp + len,
++                 kex_len - len,
++                 ",%s,%s",
++                 KEX_EXTENSION_CLIENT,
++                 KEX_STRICT_CLIENT);
++    }
++    pkex->methods[SSH_KEX] = kex_tmp;
+     return SSH_OK;
+ }
+ 
+diff --git a/src/server.c b/src/server.c
+index ed73e7fb..35e84465 100644
+--- a/src/server.c
++++ b/src/server.c
+@@ -195,7 +195,13 @@ int server_set_kex(ssh_session session)
+         }
+     }
+ 
+-    return 0;
++    /* Do not append the extensions during rekey */
++    if (session->flags & SSH_SESSION_FLAG_AUTHENTICATED) {
++        return SSH_OK;
++    }
++
++    rc = ssh_kex_append_extensions(session, server);
++    return rc;
+ }
+ 
+ int ssh_server_init_kex(ssh_session session) {
+-- 
+2.33.0
+

backport-0002-CVE-2023-6004-options-Simplify-the-hostname-parsing-.patch

@@ -0,0 +1,82 @@
+From a5b8bd0d8841296cf71d927824d60f576581243f Mon Sep 17 00:00:00 2001
+From: Norbert Pocs <norbertpocs0@gmail.com>
+Date: Tue, 31 Oct 2023 09:48:52 +0100
+Subject: [PATCH 2/9] CVE-2023-6004: options: Simplify the hostname parsing in
+ ssh_options_set
+
+Using ssh_config_parse_uri can simplify the parsing of the host
+parsing inside the function of ssh_options_set
+
+Signed-off-by: Norbert Pocs <norbertpocs0@gmail.com>
+Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
+
+Conflict: NA
+Reference:https://git.libssh.org/projects/libssh.git/patch/?id=a5b8bd0d8841296cf71d927824d60f576581243f
+---
+ src/options.c | 40 ++++++++++++++++------------------------
+ 1 file changed, 16 insertions(+), 24 deletions(-)
+
+diff --git a/src/options.c b/src/options.c
+index b5f951ac..7c03e7ab 100644
+--- a/src/options.c
++++ b/src/options.c
+@@ -36,6 +36,7 @@
+ #include "libssh/session.h"
+ #include "libssh/misc.h"
+ #include "libssh/options.h"
++#include "libssh/config_parser.h"
+ #ifdef WITH_SERVER
+ #include "libssh/server.h"
+ #include "libssh/bind.h"
+@@ -490,33 +491,24 @@ int ssh_options_set(ssh_session session, enum ssh_options_e type,
+                 ssh_set_error_invalid(session);
+                 return -1;
+             } else {
+-                q = strdup(value);
+-                if (q == NULL) {
+-                    ssh_set_error_oom(session);
++                char *username = NULL, *hostname = NULL, *port = NULL;
++                rc = ssh_config_parse_uri(value, &username, &hostname, &port);
++                if (rc != SSH_OK) {
+                     return -1;
+                 }
+-                p = strrchr(q, '@');
+-
+-                SAFE_FREE(session->opts.host);
+-
+-                if (p) {
+-                    *p = '\0';
+-                    session->opts.host = strdup(p + 1);
+-                    if (session->opts.host == NULL) {
+-                        SAFE_FREE(q);
+-                        ssh_set_error_oom(session);
+-                        return -1;
+-                    }
+-
++                if (port != NULL) {
++                    SAFE_FREE(username);
++                    SAFE_FREE(hostname);
++                    SAFE_FREE(port);
++                    return -1;
++                }
++                if (username != NULL) {
+                     SAFE_FREE(session->opts.username);
+-                    session->opts.username = strdup(q);
+-                    SAFE_FREE(q);
+-                    if (session->opts.username == NULL) {
+-                        ssh_set_error_oom(session);
+-                        return -1;
+-                    }
+-                } else {
+-                    session->opts.host = q;
++                    session->opts.username = username;
++                }
++                if (hostname != NULL) {
++                    SAFE_FREE(session->opts.host);
++                    session->opts.host = hostname;
+                 }
+             }
+             break;
+-- 
+2.33.0
+

backport-0002-CVE-2023-6918-Remove-unused-evp-functions-and-types.patch

@@ -0,0 +1,300 @@
+From 882d9cb5c8d37d93f9b349d517e59bf496817007 Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Fri, 15 Dec 2023 12:55:27 +0100
+Subject: [PATCH 2/5] CVE-2023-6918: Remove unused evp functions and types
+
+Signed-off-by: Jakub Jelen <jjelen@redhat.com>
+Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
+
+Conflict: NA
+Reference:https://gitlab.com/libssh/libssh-mirror/-/commit/882d9cb5c8d37d93f9b349d517e59bf496817007
+---
+ include/libssh/libcrypto.h     |  5 ---
+ include/libssh/libgcrypt.h     |  1 -
+ include/libssh/libmbedcrypto.h |  1 -
+ include/libssh/wrapper.h       |  5 ---
+ src/libcrypto.c                | 55 +------------------------
+ src/libgcrypt.c                | 52 ------------------------
+ src/libmbedcrypto.c            | 74 ----------------------------------
+ 7 files changed, 1 insertion(+), 192 deletions(-)
+
+diff --git a/include/libssh/libcrypto.h b/include/libssh/libcrypto.h
+index 4117942c..35b277c5 100644
+--- a/include/libssh/libcrypto.h
++++ b/include/libssh/libcrypto.h
+@@ -39,11 +39,6 @@ typedef EVP_MD_CTX* SHA384CTX;
+ typedef EVP_MD_CTX* SHA512CTX;
+ typedef EVP_MD_CTX* MD5CTX;
+ typedef HMAC_CTX* HMACCTX;
+-#ifdef HAVE_ECC
+-typedef EVP_MD_CTX *EVPCTX;
+-#else
+-typedef void *EVPCTX;
+-#endif
+ 
+ #define SHA_DIGEST_LEN SHA_DIGEST_LENGTH
+ #define SHA256_DIGEST_LEN SHA256_DIGEST_LENGTH
+diff --git a/include/libssh/libgcrypt.h b/include/libssh/libgcrypt.h
+index 347d851b..3a803fa4 100644
+--- a/include/libssh/libgcrypt.h
++++ b/include/libssh/libgcrypt.h
+@@ -32,7 +32,6 @@ typedef gcry_md_hd_t SHA384CTX;
+ typedef gcry_md_hd_t SHA512CTX;
+ typedef gcry_md_hd_t MD5CTX;
+ typedef gcry_md_hd_t HMACCTX;
+-typedef gcry_md_hd_t EVPCTX;
+ #define SHA_DIGEST_LENGTH 20
+ #define SHA_DIGEST_LEN SHA_DIGEST_LENGTH
+ #define MD5_DIGEST_LEN 16
+diff --git a/include/libssh/libmbedcrypto.h b/include/libssh/libmbedcrypto.h
+index fe53019b..b6e3e2a3 100644
+--- a/include/libssh/libmbedcrypto.h
++++ b/include/libssh/libmbedcrypto.h
+@@ -41,7 +41,6 @@ typedef mbedtls_md_context_t *SHA384CTX;
+ typedef mbedtls_md_context_t *SHA512CTX;
+ typedef mbedtls_md_context_t *MD5CTX;
+ typedef mbedtls_md_context_t *HMACCTX;
+-typedef mbedtls_md_context_t *EVPCTX;
+ 
+ #define SHA_DIGEST_LENGTH 20
+ #define SHA_DIGEST_LEN SHA_DIGEST_LENGTH
+diff --git a/include/libssh/wrapper.h b/include/libssh/wrapper.h
+index ba64939b..2f5ce189 100644
+--- a/include/libssh/wrapper.h
++++ b/include/libssh/wrapper.h
+@@ -90,11 +90,6 @@ void sha512_update(SHA512CTX c, const void *data, unsigned long len);
+ void sha512_final(unsigned char *md,SHA512CTX c);
+ void sha512(const unsigned char *digest, int len, unsigned char *hash);
+ 
+-void evp(int nid, unsigned char *digest, int len, unsigned char *hash, unsigned int *hlen);
+-EVPCTX evp_init(int nid);
+-void evp_update(EVPCTX ctx, const void *data, unsigned long len);
+-void evp_final(EVPCTX ctx, unsigned char *md, unsigned int *mdlen);
+-
+ HMACCTX hmac_init(const void *key,int len, enum ssh_hmac_e type);
+ void hmac_update(HMACCTX c, const void *data, unsigned long len);
+ void hmac_final(HMACCTX ctx,unsigned char *hashmacbuf,unsigned int *len);
+diff --git a/src/libcrypto.c b/src/libcrypto.c
+index 3db75df6..5f3917ba 100644
+--- a/src/libcrypto.c
++++ b/src/libcrypto.c
+@@ -148,60 +148,6 @@ void sha1(const unsigned char *digest, int len, unsigned char *hash)
+     }
+ }
+ 
+-#ifdef HAVE_OPENSSL_ECC
+-static const EVP_MD *nid_to_evpmd(int nid)
+-{
+-    switch (nid) {
+-        case NID_X9_62_prime256v1:
+-            return EVP_sha256();
+-        case NID_secp384r1:
+-            return EVP_sha384();
+-        case NID_secp521r1:
+-            return EVP_sha512();
+-        default:
+-            return NULL;
+-    }
+-
+-    return NULL;
+-}
+-
+-void evp(int nid, unsigned char *digest, int len, unsigned char *hash, unsigned int *hlen)
+-{
+-    const EVP_MD *evp_md = nid_to_evpmd(nid);
+-    EVP_MD_CTX *md = EVP_MD_CTX_new();
+-
+-    EVP_DigestInit(md, evp_md);
+-    EVP_DigestUpdate(md, digest, len);
+-    EVP_DigestFinal(md, hash, hlen);
+-    EVP_MD_CTX_free(md);
+-}
+-
+-EVPCTX evp_init(int nid)
+-{
+-    const EVP_MD *evp_md = nid_to_evpmd(nid);
+-
+-    EVPCTX ctx = EVP_MD_CTX_new();
+-    if (ctx == NULL) {
+-        return NULL;
+-    }
+-
+-    EVP_DigestInit(ctx, evp_md);
+-
+-    return ctx;
+-}
+-
+-void evp_update(EVPCTX ctx, const void *data, unsigned long len)
+-{
+-    EVP_DigestUpdate(ctx, data, len);
+-}
+-
+-void evp_final(EVPCTX ctx, unsigned char *md, unsigned int *mdlen)
+-{
+-    EVP_DigestFinal(ctx, md, mdlen);
+-    EVP_MD_CTX_free(ctx);
+-}
+-#endif
+-
+ SHA256CTX sha256_init(void)
+ {
+     int rc;
+@@ -345,6 +291,7 @@ void md5_final(unsigned char *md, MD5CTX c)
+     EVP_MD_CTX_destroy(c);
+ }
+ 
++
+ #ifdef HAVE_OPENSSL_EVP_KDF_CTX_NEW_ID
+ static const EVP_MD *sshkdf_digest_to_md(enum ssh_kdf_digest digest_type)
+ {
+diff --git a/src/libgcrypt.c b/src/libgcrypt.c
+index 8fbf2157..49488793 100644
+--- a/src/libgcrypt.c
++++ b/src/libgcrypt.c
+@@ -82,58 +82,6 @@ void sha1(const unsigned char *digest, int len, unsigned char *hash) {
+   gcry_md_hash_buffer(GCRY_MD_SHA1, hash, digest, len);
+ }
+ 
+-#ifdef HAVE_GCRYPT_ECC
+-static int nid_to_md_algo(int nid)
+-{
+-    switch (nid) {
+-    case NID_gcrypt_nistp256:
+-        return GCRY_MD_SHA256;
+-    case NID_gcrypt_nistp384:
+-        return GCRY_MD_SHA384;
+-    case NID_gcrypt_nistp521:
+-        return GCRY_MD_SHA512;
+-    }
+-    return GCRY_MD_NONE;
+-}
+-
+-void evp(int nid, unsigned char *digest, int len,
+-         unsigned char *hash, unsigned int *hlen)
+-{
+-    int algo = nid_to_md_algo(nid);
+-
+-    /* Note: What gcrypt calls 'hash' is called 'digest' here and
+-       vice-versa.  */
+-    gcry_md_hash_buffer(algo, hash, digest, len);
+-    *hlen = gcry_md_get_algo_dlen(algo);
+-}
+-
+-EVPCTX evp_init(int nid)
+-{
+-    gcry_error_t err;
+-    int algo = nid_to_md_algo(nid);
+-    EVPCTX ctx;
+-
+-    err = gcry_md_open(&ctx, algo, 0);
+-    if (err) {
+-        return NULL;
+-    }
+-
+-    return ctx;
+-}
+-
+-void evp_update(EVPCTX ctx, const void *data, unsigned long len)
+-{
+-    gcry_md_write(ctx, data, len);
+-}
+-
+-void evp_final(EVPCTX ctx, unsigned char *md, unsigned int *mdlen)
+-{
+-    int algo = gcry_md_get_algo(ctx);
+-    *mdlen = gcry_md_get_algo_dlen(algo);
+-    memcpy(md, gcry_md_read(ctx, algo), *mdlen);
+-    gcry_md_close(ctx);
+-}
+-#endif
+ 
+ SHA256CTX sha256_init(void) {
+   SHA256CTX ctx = NULL;
+diff --git a/src/libmbedcrypto.c b/src/libmbedcrypto.c
+index a2e74d3b..f37a6a6d 100644
+--- a/src/libmbedcrypto.c
++++ b/src/libmbedcrypto.c
+@@ -103,80 +103,6 @@ void sha1(const unsigned char *digest, int len, unsigned char *hash)
+     }
+ }
+ 
+-static mbedtls_md_type_t nid_to_md_algo(int nid)
+-{
+-    switch (nid) {
+-        case NID_mbedtls_nistp256:
+-            return MBEDTLS_MD_SHA256;
+-        case NID_mbedtls_nistp384:
+-            return MBEDTLS_MD_SHA384;
+-        case NID_mbedtls_nistp521:
+-            return MBEDTLS_MD_SHA512;
+-    }
+-    return MBEDTLS_MD_NONE;
+-}
+-
+-void evp(int nid, unsigned char *digest, int len,
+-        unsigned char *hash, unsigned int *hlen)
+-{
+-    mbedtls_md_type_t algo = nid_to_md_algo(nid);
+-    const mbedtls_md_info_t *md_info =
+-        mbedtls_md_info_from_type(algo);
+-
+-
+-    if (md_info != NULL) {
+-        *hlen = mbedtls_md_get_size(md_info);
+-        mbedtls_md(md_info, digest, len, hash);
+-    }
+-}
+-
+-EVPCTX evp_init(int nid)
+-{
+-    EVPCTX ctx = NULL;
+-    int rc;
+-    mbedtls_md_type_t algo = nid_to_md_algo(nid);
+-    const mbedtls_md_info_t *md_info =
+-        mbedtls_md_info_from_type(algo);
+-
+-    if (md_info == NULL) {
+-        return NULL;
+-    }
+-
+-    ctx = malloc(sizeof(mbedtls_md_context_t));
+-    if (ctx == NULL) {
+-        return NULL;
+-    }
+-
+-    mbedtls_md_init(ctx);
+-
+-    rc = mbedtls_md_setup(ctx, md_info, 0);
+-    if (rc != 0) {
+-        SAFE_FREE(ctx);
+-        return NULL;
+-    }
+-
+-    rc = mbedtls_md_starts(ctx);
+-    if (rc != 0) {
+-        SAFE_FREE(ctx);
+-        return NULL;
+-    }
+-
+-    return ctx;
+-}
+-
+-void evp_update(EVPCTX ctx, const void *data, unsigned long len)
+-{
+-    mbedtls_md_update(ctx, data, len);
+-}
+-
+-void evp_final(EVPCTX ctx, unsigned char *md, unsigned int *mdlen)
+-{
+-    *mdlen = mbedtls_md_get_size(ctx->md_info);
+-    mbedtls_md_finish(ctx, md);
+-    mbedtls_md_free(ctx);
+-    SAFE_FREE(ctx);
+-}
+-
+ SHA256CTX sha256_init(void)
+ {
+     SHA256CTX ctx = NULL;
+-- 
+2.33.0
+

backport-0003-CVE-2023-48795-Strip-extensions-from-both-kex-lists-.patch

@@ -0,0 +1,46 @@
+From 03bbbc9e4c93aae2ccdd302d6123e4809be37746 Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Thu, 14 Dec 2023 12:22:01 +0100
+Subject: [PATCH 3/4] CVE-2023-48795: Strip extensions from both kex lists for
+ matching
+
+Signed-off-by: Jakub Jelen <jjelen@redhat.com>
+Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
+
+Conflict: NA
+Reference:https://gitlab.com/libssh/libssh-mirror/-/commit/03bbbc9e4c93aae2ccdd302d6123e4809be37747
+---
+ src/kex.c | 16 ++++++++++++----
+ 1 file changed, 12 insertions(+), 4 deletions(-)
+
+diff --git a/src/kex.c b/src/kex.c
+index e37c176c..eea3604b 100644
+--- a/src/kex.c
++++ b/src/kex.c
+@@ -936,11 +936,19 @@ int ssh_kex_select_methods (ssh_session session)
+     enum ssh_key_exchange_e kex_type;
+     int i;
+ 
+-    /* Here we should drop the  ext-info-c  from the list so we avoid matching.
++    /* Here we should drop the extensions from the list so we avoid matching.
+      * it. We added it to the end, so we can just truncate the string here */
+-    ext_start = strstr(client->methods[SSH_KEX], ","KEX_EXTENSION_CLIENT);
+-    if (ext_start != NULL) {
+-        ext_start[0] = '\0';
++    if (session->client) {
++        ext_start = strstr(client->methods[SSH_KEX], "," KEX_EXTENSION_CLIENT);
++        if (ext_start != NULL) {
++            ext_start[0] = '\0';
++        }
++    }
++    if (session->server) {
++        ext_start = strstr(server->methods[SSH_KEX], "," KEX_STRICT_SERVER);
++        if (ext_start != NULL) {
++            ext_start[0] = '\0';
++        }
+     }
+ 
+     for (i = 0; i < SSH_KEX_METHODS; i++) {
+-- 
+2.33.0
+

backport-0003-CVE-2023-6004-misc-Add-function-to-check-allowed-cha.patch

@@ -0,0 +1,117 @@
+From efb24b6472e8b87c5832c0590f14e99e82fcdeeb Mon Sep 17 00:00:00 2001
+From: Norbert Pocs <norbertpocs0@gmail.com>
+Date: Tue, 10 Oct 2023 12:44:16 +0200
+Subject: [PATCH 3/9] CVE-2023-6004: misc: Add function to check allowed
+ characters of a hostname
+
+The hostname can be a domain name or an ip address. The colon has to be
+allowed because of IPv6 even it is prohibited in domain names.
+
+Signed-off-by: Norbert Pocs <norbertpocs0@gmail.com>
+Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
+
+Conflict: NA
+Reference:https://git.libssh.org/projects/libssh.git/patch/?id=efb24b6472e8b87c5832c0590f14e99e82fcdeeb
+---
+ include/libssh/misc.h |  2 ++
+ src/misc.c            | 68 +++++++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 70 insertions(+)
+
+diff --git a/include/libssh/misc.h b/include/libssh/misc.h
+index 3cc3b113..a5bee930 100644
+--- a/include/libssh/misc.h
++++ b/include/libssh/misc.h
+@@ -97,4 +97,6 @@ int ssh_mkdirs(const char *pathname, mode_t mode);
+ int ssh_quote_file_name(const char *file_name, char *buf, size_t buf_len);
+ int ssh_newline_vis(const char *string, char *buf, size_t buf_len);
+ 
++int ssh_check_hostname_syntax(const char *hostname);
++
+ #endif /* MISC_H_ */
+diff --git a/src/misc.c b/src/misc.c
+index 149eb85e..e4239e81 100644
+--- a/src/misc.c
++++ b/src/misc.c
+@@ -94,6 +94,8 @@
+ #define ZLIB_STRING ""
+ #endif
+ 
++#define ARPA_DOMAIN_MAX_LEN 63
++
+ /**
+  * @defgroup libssh_misc The SSH helper functions.
+  * @ingroup libssh
+@@ -1734,4 +1736,70 @@ int ssh_newline_vis(const char *string, char *buf, size_t buf_len)
+     return out - buf;
+ }
+ 
++/**
++ * @brief Checks syntax of a domain name
++ *
++ * The check is made based on the RFC1035 section 2.3.1
++ * Allowed characters are: hyphen, period, digits (0-9) and letters (a-zA-Z)
++ *
++ * The label should be no longer than 63 characters
++ * The label should start with a letter and end with a letter or number
++ * The label in this implementation can start with a number to allow virtual
++ * URLs to pass. Note that this will make IPv4 addresses to pass
++ * this check too.
++ *
++ * @param hostname The domain name to be checked, has to be null terminated
++ *
++ * @return SSH_OK if the hostname passes syntax check
++ *         SSH_ERROR otherwise or if hostname is NULL or empty string
++ */
++int ssh_check_hostname_syntax(const char *hostname)
++{
++    char *it = NULL, *s = NULL, *buf = NULL;
++    size_t it_len;
++    char c;
++
++    if (hostname == NULL || strlen(hostname) == 0) {
++        return SSH_ERROR;
++    }
++
++    /* strtok_r writes into the string, keep the input clean */
++    s = strdup(hostname);
++    if (s == NULL) {
++        return SSH_ERROR;
++    }
++
++    it = strtok_r(s, ".", &buf);
++    /* if the token has 0 length */
++    if (it == NULL) {
++        free(s);
++        return SSH_ERROR;
++    }
++    do {
++        it_len = strlen(it);
++        if (it_len > ARPA_DOMAIN_MAX_LEN ||
++            /* the first char must be a letter, but some virtual urls start
++             * with a number */
++            isalnum(it[0]) == 0 ||
++            isalnum(it[it_len - 1]) == 0) {
++            free(s);
++            return SSH_ERROR;
++        }
++        while (*it != '\0') {
++            c = *it;
++            /* the "." is allowed too, but tokenization removes it from the
++             * string */
++            if (isalnum(c) == 0 && c != '-') {
++                free(s);
++                return SSH_ERROR;
++            }
++            it++;
++        }
++    } while ((it = strtok_r(NULL, ".", &buf)) != NULL);
++
++    free(s);
++
++    return SSH_OK;
++}
++
+ /** @} */
+-- 
+2.33.0
+

backport-0004-CVE-2023-48795-tests-Adjust-calculation-to-strict-ke.patch

@@ -0,0 +1,108 @@
+From 768d1ed30cf4b3cb9628254ef3ee24b9c38abdbc Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Thu, 14 Dec 2023 12:47:48 +0100
+Subject: [PATCH 4/4] CVE-2023-48795: tests: Adjust calculation to strict kex
+
+Signed-off-by: Jakub Jelen <jjelen@redhat.com>
+Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
+
+Conflict:NA
+Reference:https://gitlab.com/libssh/libssh-mirror/-/commit/768d1ed30cf4b3cb9628254ef3ee24b9c38abdbc
+---
+ tests/client/torture_rekey.c | 56 ++++++++++++++++++++----------------
+ 1 file changed, 32 insertions(+), 24 deletions(-)
+
+diff --git a/tests/client/torture_rekey.c b/tests/client/torture_rekey.c
+index 13c9a7fe..bfb273af 100644
+--- a/tests/client/torture_rekey.c
++++ b/tests/client/torture_rekey.c
+@@ -148,6 +148,29 @@ static void torture_rekey_default(void **state)
+     ssh_disconnect(s->ssh.session);
+ }
+ 
++static void sanity_check_session(void **state)
++{
++    struct torture_state *s = *state;
++    struct ssh_crypto_struct *c = NULL;
++
++    c = s->ssh.session->current_crypto;
++    assert_non_null(c);
++    assert_int_equal(c->in_cipher->max_blocks,
++                     bytes / c->in_cipher->blocksize);
++    assert_int_equal(c->out_cipher->max_blocks,
++                     bytes / c->out_cipher->blocksize);
++    /* when strict kex is used, the newkeys reset the sequence number */
++    if ((s->ssh.session->flags & SSH_SESSION_FLAG_KEX_STRICT) != 0) {
++        assert_int_equal(c->out_cipher->packets, s->ssh.session->send_seq);
++        assert_int_equal(c->in_cipher->packets, s->ssh.session->recv_seq);
++    } else {
++        /* Otherwise we have less encrypted packets than transferred
++         * (first are not encrypted) */
++        assert_true(c->out_cipher->packets < s->ssh.session->send_seq);
++        assert_true(c->in_cipher->packets < s->ssh.session->recv_seq);
++    }
++}
++
+ /* We lower the rekey limits manually and check that the rekey
+  * really happens when sending data
+  */
+@@ -166,16 +189,10 @@ static void torture_rekey_send(void **state)
+     rc = ssh_connect(s->ssh.session);
+     assert_ssh_return_code(s->ssh.session, rc);
+ 
+-    /* The blocks limit is set correctly */
+-    c = s->ssh.session->current_crypto;
+-    assert_int_equal(c->in_cipher->max_blocks,
+-                     bytes / c->in_cipher->blocksize);
+-    assert_int_equal(c->out_cipher->max_blocks,
+-                     bytes / c->out_cipher->blocksize);
+-    /* We should have less encrypted packets than transfered (first are not encrypted) */
+-    assert_true(c->out_cipher->packets < s->ssh.session->send_seq);
+-    assert_true(c->in_cipher->packets < s->ssh.session->recv_seq);
++    sanity_check_session(state);
+     /* Copy the initial secret hash = session_id so we know we changed keys later */
++    c = s->ssh.session->current_crypto;
++    assert_non_null(c);
+     secret_hash = malloc(c->digest_len);
+     assert_non_null(secret_hash);
+     memcpy(secret_hash, c->secret_hash, c->digest_len);
+@@ -272,14 +289,10 @@ static void torture_rekey_recv(void **state)
+     sftp_file file;
+     mode_t mask;
+ 
+-    /* The blocks limit is set correctly */
+-    c = s->ssh.session->current_crypto;
+-    assert_int_equal(c->in_cipher->max_blocks, bytes / c->in_cipher->blocksize);
+-    assert_int_equal(c->out_cipher->max_blocks, bytes / c->out_cipher->blocksize);
+-    /* We should have less encrypted packets than transfered (first are not encrypted) */
+-    assert_true(c->out_cipher->packets < s->ssh.session->send_seq);
+-    assert_true(c->in_cipher->packets < s->ssh.session->recv_seq);
++    sanity_check_session(state);
+     /* Copy the initial secret hash = session_id so we know we changed keys later */
++    c = s->ssh.session->current_crypto;
++    assert_non_null(c);
+     secret_hash = malloc(c->digest_len);
+     assert_non_null(secret_hash);
+     memcpy(secret_hash, c->secret_hash, c->digest_len);
+@@ -464,15 +477,10 @@ static void torture_rekey_different_kex(void **state)
+     assert_ssh_return_code(s->ssh.session, rc);
+ 
+     /* The blocks limit is set correctly */
+-    c = s->ssh.session->current_crypto;
+-    assert_int_equal(c->in_cipher->max_blocks,
+-                     bytes / c->in_cipher->blocksize);
+-    assert_int_equal(c->out_cipher->max_blocks,
+-                     bytes / c->out_cipher->blocksize);
+-    /* We should have less encrypted packets than transfered (first are not encrypted) */
+-    assert_true(c->out_cipher->packets < s->ssh.session->send_seq);
+-    assert_true(c->in_cipher->packets < s->ssh.session->recv_seq);
++    sanity_check_session(state);
+     /* Copy the initial secret hash = session_id so we know we changed keys later */
++    c = s->ssh.session->current_crypto;
++    assert_non_null(c);
+     secret_hash = malloc(c->digest_len);
+     assert_non_null(secret_hash);
+     memcpy(secret_hash, c->secret_hash, c->digest_len);
+-- 
+2.33.0
+

backport-0004-CVE-2023-6004-torture_misc-Add-test-for-ssh_check_ho.patch

@@ -0,0 +1,109 @@
+From 234ecdf4d9705efa3727a54dcc1ddfe6377c7bf6 Mon Sep 17 00:00:00 2001
+From: Norbert Pocs <norbertpocs0@gmail.com>
+Date: Tue, 10 Oct 2023 12:45:28 +0200
+Subject: [PATCH 4/9] CVE-2023-6004: torture_misc: Add test for
+ ssh_check_hostname_syntax
+
+Signed-off-by: Norbert Pocs <norbertpocs0@gmail.com>
+Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
+
+Conflict: NA
+Reference:https://git.libssh.org/projects/libssh.git/patch/?id=234ecdf4d9705efa3727a54dcc1ddfe6377c7bf6
+---
+ tests/unittests/torture_misc.c | 73 ++++++++++++++++++++++++++++++++++
+ 1 file changed, 73 insertions(+)
+
+diff --git a/tests/unittests/torture_misc.c b/tests/unittests/torture_misc.c
+index 0a48abbe..d14f4254 100644
+--- a/tests/unittests/torture_misc.c
++++ b/tests/unittests/torture_misc.c
+@@ -656,6 +656,78 @@ static void torture_ssh_newline_vis(UNUSED_PARAM(void **state))
+     assert_string_equal(buffer, "a\\nb\\n");
+ }
+ 
++static void torture_ssh_check_hostname_syntax(void **state)
++{
++    int rc;
++    (void)state;
++
++    rc = ssh_check_hostname_syntax("duckduckgo.com");
++    assert_int_equal(rc, SSH_OK);
++    rc = ssh_check_hostname_syntax("www.libssh.org");
++    assert_int_equal(rc, SSH_OK);
++    rc = ssh_check_hostname_syntax("Some-Thing.com");
++    assert_int_equal(rc, SSH_OK);
++    rc = ssh_check_hostname_syntax("amazon.a23456789012345678901234567890123456789012345678901234567890123");
++    assert_int_equal(rc, SSH_OK);
++    rc = ssh_check_hostname_syntax("amazon.a23456789012345678901234567890123456789012345678901234567890123.a23456789012345678901234567890123456789012345678901234567890123.ok");
++    assert_int_equal(rc, SSH_OK);
++    rc = ssh_check_hostname_syntax("amazon.a23456789012345678901234567890123456789012345678901234567890123.a23456789012345678901234567890123456789012345678901234567890123.a23456789012345678901234567890123456789012345678901234567890123");
++    assert_int_equal(rc, SSH_OK);
++    rc = ssh_check_hostname_syntax("lavabo-inter.innocentes-manus-meas");
++    assert_int_equal(rc, SSH_OK);
++    rc = ssh_check_hostname_syntax("localhost");
++    assert_int_equal(rc, SSH_OK);
++    rc = ssh_check_hostname_syntax("a");
++    assert_int_equal(rc, SSH_OK);
++    rc = ssh_check_hostname_syntax("a-0.b-b");
++    assert_int_equal(rc, SSH_OK);
++    rc = ssh_check_hostname_syntax("libssh.");
++    assert_int_equal(rc, SSH_OK);
++
++    rc = ssh_check_hostname_syntax(NULL);
++    assert_int_equal(rc, SSH_ERROR);
++    rc = ssh_check_hostname_syntax("");
++    assert_int_equal(rc, SSH_ERROR);
++    rc = ssh_check_hostname_syntax("/");
++    assert_int_equal(rc, SSH_ERROR);
++    rc = ssh_check_hostname_syntax("@");
++    assert_int_equal(rc, SSH_ERROR);
++    rc = ssh_check_hostname_syntax("[");
++    assert_int_equal(rc, SSH_ERROR);
++    rc = ssh_check_hostname_syntax("`");
++    assert_int_equal(rc, SSH_ERROR);
++    rc = ssh_check_hostname_syntax("{");
++    assert_int_equal(rc, SSH_ERROR);
++    rc = ssh_check_hostname_syntax("&");
++    assert_int_equal(rc, SSH_ERROR);
++    rc = ssh_check_hostname_syntax("|");
++    assert_int_equal(rc, SSH_ERROR);
++    rc = ssh_check_hostname_syntax("\"");
++    assert_int_equal(rc, SSH_ERROR);
++    rc = ssh_check_hostname_syntax("`");
++    assert_int_equal(rc, SSH_ERROR);
++    rc = ssh_check_hostname_syntax(" ");
++    assert_int_equal(rc, SSH_ERROR);
++    rc = ssh_check_hostname_syntax("*the+giant&\"rooks\".c0m");
++    assert_int_equal(rc, SSH_ERROR);
++    rc = ssh_check_hostname_syntax("!www.libssh.org");
++    assert_int_equal(rc, SSH_ERROR);
++    rc = ssh_check_hostname_syntax("--.--");
++    assert_int_equal(rc, SSH_ERROR);
++    rc = ssh_check_hostname_syntax("libssh.a234567890123456789012345678901234567890123456789012345678901234");
++    assert_int_equal(rc, SSH_ERROR);
++    rc = ssh_check_hostname_syntax("libssh.a234567890123456789012345678901234567890123456789012345678901234.a234567890123456789012345678901234567890123456789012345678901234");
++    assert_int_equal(rc, SSH_ERROR);
++    rc = ssh_check_hostname_syntax("libssh-");
++    assert_int_equal(rc, SSH_ERROR);
++    rc = ssh_check_hostname_syntax("fe80::9656:d028:8652:66b6");
++    assert_int_equal(rc, SSH_ERROR);
++    rc = ssh_check_hostname_syntax(".");
++    assert_int_equal(rc, SSH_ERROR);
++    rc = ssh_check_hostname_syntax("..");
++    assert_int_equal(rc, SSH_ERROR);
++}
++
+ int torture_run_tests(void) {
+     int rc;
+     struct CMUnitTest tests[] = {
+@@ -678,6 +750,7 @@ int torture_run_tests(void) {
+         cmocka_unit_test(torture_ssh_newline_vis),
+         cmocka_unit_test(torture_ssh_mkdirs),
+         cmocka_unit_test(torture_ssh_quote_file_name),
++        cmocka_unit_test(torture_ssh_check_hostname_syntax),
+     };
+ 
+     ssh_init();
+-- 
+2.33.0
+

backport-0004-CVE-2023-6918-kdf-Detect-context-init-failures.patch

@@ -0,0 +1,57 @@
+From 9276027c687723886e8277b77061464303845831 Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Fri, 15 Dec 2023 13:35:14 +0100
+Subject: [PATCH 4/5] CVE-2023-6918: kdf: Detect context init failures
+
+Signed-off-by: Jakub Jelen <jjelen@redhat.com>
+Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
+
+Conflict:NA
+Reference:https://gitlab.com/libssh/libssh-mirror/-/commit/9276027c687723886e8277b77061464303845831
+---
+ src/kdf.c | 18 +++++++++++++++---
+ 1 file changed, 15 insertions(+), 3 deletions(-)
+
+diff --git a/src/kdf.c b/src/kdf.c
+index 90f6e9f3..b08f0b2f 100644
+--- a/src/kdf.c
++++ b/src/kdf.c
+@@ -61,20 +61,32 @@ static ssh_mac_ctx ssh_mac_ctx_init(enum ssh_kdf_digest type)
+     switch (type) {
+     case SSH_KDF_SHA1:
+         ctx->ctx.sha1_ctx = sha1_init();
++        if (ctx->ctx.sha1_ctx == NULL) {
++            goto err;
++        }
+         return ctx;
+     case SSH_KDF_SHA256:
+         ctx->ctx.sha256_ctx = sha256_init();
++        if (ctx->ctx.sha256_ctx == NULL) {
++            goto err;
++        }
+         return ctx;
+     case SSH_KDF_SHA384:
+         ctx->ctx.sha384_ctx = sha384_init();
++        if (ctx->ctx.sha384_ctx == NULL) {
++            goto err;
++        }
+         return ctx;
+     case SSH_KDF_SHA512:
+         ctx->ctx.sha512_ctx = sha512_init();
++        if (ctx->ctx.sha512_ctx == NULL) {
++            goto err;
++        }
+         return ctx;
+-    default:
+-        SAFE_FREE(ctx);
+-        return NULL;
+     }
++err:
++    SAFE_FREE(ctx);
++    return NULL;
+ }
+ 
+ static void ssh_mac_ctx_free(ssh_mac_ctx ctx)
+-- 
+2.33.0
+

backport-0005-CVE-2023-6004-config_parser-Check-for-valid-syntax-o.patch

@@ -0,0 +1,56 @@
+From 4d7ae19e9cd8c407012b40f3f2eaf480bfb1da7d Mon Sep 17 00:00:00 2001
+From: Norbert Pocs <norbertpocs0@gmail.com>
+Date: Tue, 10 Oct 2023 18:33:56 +0200
+Subject: [PATCH 5/9] CVE-2023-6004: config_parser: Check for valid syntax of a
+ hostname if it is a domain name
+
+This prevents code injection.
+The domain name syntax checker is based on RFC1035.
+
+Signed-off-by: Norbert Pocs <norbertpocs0@gmail.com>
+Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
+
+Conflict: NA
+Reference:https://git.libssh.org/projects/libssh.git/patch/?id=4d7ae19e9cd8c407012b40f3f2eaf480bfb1da7d
+---
+ src/config_parser.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/src/config_parser.c b/src/config_parser.c
+index 76cca224..87bac5d4 100644
+--- a/src/config_parser.c
++++ b/src/config_parser.c
+@@ -30,6 +30,7 @@
+ 
+ #include "libssh/config_parser.h"
+ #include "libssh/priv.h"
++#include "libssh/misc.h"
+ 
+ char *ssh_config_get_cmd(char **str)
+ {
+@@ -139,6 +140,7 @@ int ssh_config_parse_uri(const char *tok,
+ {
+     char *endp = NULL;
+     long port_n;
++    int rc;
+ 
+     /* Sanitize inputs */
+     if (username != NULL) {
+@@ -196,6 +198,14 @@ int ssh_config_parse_uri(const char *tok,
+         if (*hostname == NULL) {
+             goto error;
+         }
++        /* if not an ip, check syntax */
++        rc = ssh_is_ipaddr(*hostname);
++        if (rc == 0) {
++            rc = ssh_check_hostname_syntax(*hostname);
++            if (rc != SSH_OK) {
++                goto error;
++            }
++        }
+     }
+     /* Skip also the closing bracket */
+     if (*endp == ']') {
+-- 
+2.33.0
+

backport-0006-CVE-2023-6004-torture_proxycommand-Add-test-for-prox.patch

@@ -0,0 +1,89 @@
+From 8cf4f4bfda968ab526c1a601ea1030bbaccaba17 Mon Sep 17 00:00:00 2001
+From: Norbert Pocs <norbertpocs0@gmail.com>
+Date: Tue, 10 Oct 2023 10:28:47 +0200
+Subject: [PATCH 6/9] CVE-2023-6004: torture_proxycommand: Add test for
+ proxycommand injection
+
+Signed-off-by: Norbert Pocs <norbertpocs0@gmail.com>
+Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
+
+Conflict: NA
+Reference:https://git.libssh.org/projects/libssh.git/patch/?id=8cf4f4bfda968ab526c1a601ea1030bbaccaba17
+---
+ tests/client/torture_proxycommand.c | 53 +++++++++++++++++++++++++++++
+ 1 file changed, 53 insertions(+)
+
+diff --git a/tests/client/torture_proxycommand.c b/tests/client/torture_proxycommand.c
+index c04ff2ab..dc17f3d8 100644
+--- a/tests/client/torture_proxycommand.c
++++ b/tests/client/torture_proxycommand.c
+@@ -161,6 +161,56 @@ static void torture_options_set_proxycommand_ssh_stderr(void **state)
+     assert_int_equal(rc & O_RDWR, O_RDWR);
+ }
+ 
++static void torture_options_proxycommand_injection(void **state)
++{
++    struct torture_state *s = *state;
++    struct passwd *pwd = NULL;
++    const char *malicious_host = "`echo foo > mfile`";
++    const char *command = "nc %h %p";
++    char *current_dir = NULL;
++    char *malicious_file_path = NULL;
++    int mfp_len;
++    int verbosity = torture_libssh_verbosity();
++    struct stat sb;
++    int rc;
++
++    pwd = getpwnam("bob");
++    assert_non_null(pwd);
++
++    rc = setuid(pwd->pw_uid);
++    assert_return_code(rc, errno);
++
++    s->ssh.session = ssh_new();
++    assert_non_null(s->ssh.session);
++
++    ssh_options_set(s->ssh.session, SSH_OPTIONS_LOG_VERBOSITY, &verbosity);
++    // if we would be checking the rc, this should fail
++    ssh_options_set(s->ssh.session, SSH_OPTIONS_HOST, malicious_host);
++
++    ssh_options_set(s->ssh.session, SSH_OPTIONS_USER, TORTURE_SSH_USER_ALICE);
++
++    rc = ssh_options_set(s->ssh.session, SSH_OPTIONS_PROXYCOMMAND, command);
++    assert_int_equal(rc, 0);
++    rc = ssh_connect(s->ssh.session);
++    assert_ssh_return_code_equal(s->ssh.session, rc, SSH_ERROR);
++
++    current_dir = torture_get_current_working_dir();
++    assert_non_null(current_dir);
++    mfp_len = strlen(current_dir) + 6;
++    malicious_file_path = malloc(mfp_len);
++    assert_non_null(malicious_file_path);
++    rc = snprintf(malicious_file_path, mfp_len,
++                  "%s/mfile", current_dir);
++    assert_int_equal(rc, mfp_len);
++    free(current_dir);
++    rc = stat(malicious_file_path, &sb);
++    assert_int_not_equal(rc, 0);
++
++    // cleanup
++    remove(malicious_file_path);
++    free(malicious_file_path);
++}
++
+ int torture_run_tests(void) {
+     int rc;
+     struct CMUnitTest tests[] = {
+@@ -176,6 +226,9 @@ int torture_run_tests(void) {
+         cmocka_unit_test_setup_teardown(torture_options_set_proxycommand_ssh_stderr,
+                                         session_setup,
+                                         session_teardown),
++        cmocka_unit_test_setup_teardown(torture_options_proxycommand_injection,
++                                        NULL,
++                                        session_teardown),
+     };
+ 
+ 
+-- 
+2.33.0
+

backport-0007-CVE-2023-6004-torture_misc-Add-test-for-ssh_is_ipadd.patch

@@ -0,0 +1,61 @@
+From a0dbe0d556e073804cc549802569577bb24757d9 Mon Sep 17 00:00:00 2001
+From: Norbert Pocs <norbertpocs0@gmail.com>
+Date: Mon, 6 Nov 2023 20:11:38 +0100
+Subject: [PATCH 7/9] CVE-2023-6004: torture_misc: Add test for ssh_is_ipaddr
+
+Signed-off-by: Norbert Pocs <norbertpocs0@gmail.com>
+Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
+
+Conflict: NA
+Reference:https://git.libssh.org/projects/libssh.git/patch/?id=a0dbe0d556e073804cc549802569577bb24757d9
+---
+ tests/unittests/torture_misc.c | 26 ++++++++++++++++++++++++++
+ 1 file changed, 26 insertions(+)
+
+diff --git a/tests/unittests/torture_misc.c b/tests/unittests/torture_misc.c
+index d14f4254..073bc54c 100644
+--- a/tests/unittests/torture_misc.c
++++ b/tests/unittests/torture_misc.c
+@@ -728,6 +728,31 @@ static void torture_ssh_check_hostname_syntax(void **state)
+     assert_int_equal(rc, SSH_ERROR);
+ }
+ 
++static void torture_ssh_is_ipaddr(void **state) {
++    int rc;
++    (void)state;
++
++    rc = ssh_is_ipaddr("201.255.3.69");
++    assert_int_equal(rc, 1);
++    rc = ssh_is_ipaddr("::1");
++    assert_int_equal(rc, 1);
++    rc = ssh_is_ipaddr("2001:0db8:85a3:0000:0000:8a2e:0370:7334");
++    assert_int_equal(rc, 1);
++
++    rc = ssh_is_ipaddr("..");
++    assert_int_equal(rc, 0);
++    rc = ssh_is_ipaddr(":::");
++    assert_int_equal(rc, 0);
++    rc = ssh_is_ipaddr("1.1.1.1.1");
++    assert_int_equal(rc, 0);
++    rc = ssh_is_ipaddr("1.1");
++    assert_int_equal(rc, 0);
++    rc = ssh_is_ipaddr("caesar");
++    assert_int_equal(rc, 0);
++    rc = ssh_is_ipaddr("::xa:1");
++    assert_int_equal(rc, 0);
++}
++
+ int torture_run_tests(void) {
+     int rc;
+     struct CMUnitTest tests[] = {
+@@ -751,6 +776,7 @@ int torture_run_tests(void) {
+         cmocka_unit_test(torture_ssh_mkdirs),
+         cmocka_unit_test(torture_ssh_quote_file_name),
+         cmocka_unit_test(torture_ssh_check_hostname_syntax),
++        cmocka_unit_test(torture_ssh_is_ipaddr),
+     };
+ 
+     ssh_init();
+-- 
+2.33.0
+

backport-0008-CVE-2023-6004-misc-Add-ipv6-link-local-check-for-an-.patch

@@ -0,0 +1,165 @@
+From cdaec0d6273243a03f460cc5ba1a2265b4afb93a Mon Sep 17 00:00:00 2001
+From: Norbert Pocs <norbertpocs0@gmail.com>
+Date: Tue, 28 Nov 2023 15:26:45 +0100
+Subject: [PATCH 8/9] CVE-2023-6004: misc: Add ipv6 link-local check for an ip
+ address
+
+Signed-off-by: Norbert Pocs <norbertpocs0@gmail.com>
+Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
+
+Conflict: NA
+Reference:https://git.libssh.org/projects/libssh.git/patch/?id=cdaec0d6273243a03f460cc5ba1a2265b4afb93a
+---
+ src/CMakeLists.txt | 17 ++++++++++-------
+ src/connect.c      |  2 +-
+ src/misc.c         | 44 ++++++++++++++++++++++++++++++++++++++------
+ 3 files changed, 49 insertions(+), 14 deletions(-)
+
+diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
+index a576cf71..fc401793 100644
+--- a/src/CMakeLists.txt
++++ b/src/CMakeLists.txt
+@@ -9,13 +9,6 @@ set(LIBSSH_LINK_LIBRARIES
+   ${LIBSSH_REQUIRED_LIBRARIES}
+ )
+ 
+-if (WIN32)
+-  set(LIBSSH_LINK_LIBRARIES
+-    ${LIBSSH_LINK_LIBRARIES}
+-    ws2_32
+-  )
+-endif (WIN32)
+-
+ if (OPENSSL_CRYPTO_LIBRARIES)
+   set(LIBSSH_PRIVATE_INCLUDE_DIRS
+     ${LIBSSH_PRIVATE_INCLUDE_DIRS}
+@@ -93,6 +86,16 @@ if (MINGW AND Threads_FOUND)
+   )
+ endif()
+ 
++# This needs to be last for mingw to build
++# https://gitlab.com/libssh/libssh-mirror/-/issues/84
++if (WIN32)
++  set(LIBSSH_LINK_LIBRARIES
++    ${LIBSSH_LINK_LIBRARIES}
++    iphlpapi
++    ws2_32
++  )
++endif (WIN32)
++
+ if (BUILD_STATIC_LIB)
+   set(LIBSSH_STATIC_LIBRARY
+     ssh_static
+diff --git a/src/connect.c b/src/connect.c
+index ce4d58df..ca62dcf0 100644
+--- a/src/connect.c
++++ b/src/connect.c
+@@ -136,7 +136,7 @@ static int getai(const char *host, int port, struct addrinfo **ai)
+ #endif
+     }
+ 
+-    if (ssh_is_ipaddr(host)) {
++    if (ssh_is_ipaddr(host) == 1) {
+         /* this is an IP address */
+         SSH_LOG(SSH_LOG_PACKET, "host %s matches an IP address", host);
+         hints.ai_flags |= AI_NUMERICHOST;
+diff --git a/src/misc.c b/src/misc.c
+index e4239e81..6f5d2d60 100644
+--- a/src/misc.c
++++ b/src/misc.c
+@@ -32,6 +32,7 @@
+ #include <sys/socket.h>
+ #include <netinet/in.h>
+ #include <arpa/inet.h>
++#include <net/if.h>
+ 
+ #endif /* _WIN32 */
+ 
+@@ -59,6 +60,7 @@
+ #include <ws2tcpip.h>
+ #include <shlobj.h>
+ #include <direct.h>
++#include <netioapi.h>
+ 
+ #ifdef HAVE_IO_H
+ #include <io.h>
+@@ -216,22 +218,37 @@ int ssh_is_ipaddr_v4(const char *str) {
+ 
+ int ssh_is_ipaddr(const char *str) {
+     int rc = SOCKET_ERROR;
++    char *s = strdup(str);
+ 
+-    if (strchr(str, ':')) {
++    if (s == NULL) {
++        return -1;
++    }
++    if (strchr(s, ':')) {
+         struct sockaddr_storage ss;
+         int sslen = sizeof(ss);
++        char *network_interface = strchr(s, '%');
+ 
+-        /* TODO link-local (IP:v6:addr%ifname). */
+-        rc = WSAStringToAddressA((LPSTR) str,
++        /* link-local (IP:v6:addr%ifname). */
++        if (network_interface != NULL) {
++            rc = if_nametoindex(network_interface + 1);
++            if (rc == 0) {
++                free(s);
++                return 0;
++            }
++            *network_interface = '\0';
++        }
++        rc = WSAStringToAddressA((LPSTR) s,
+                                  AF_INET6,
+                                  NULL,
+                                  (struct sockaddr*)&ss,
+                                  &sslen);
+         if (rc == 0) {
++            free(s);
+             return 1;
+         }
+     }
+ 
++    free(s);
+     return ssh_is_ipaddr_v4(str);
+ }
+ #else /* _WIN32 */
+@@ -335,17 +352,32 @@ int ssh_is_ipaddr_v4(const char *str) {
+ 
+ int ssh_is_ipaddr(const char *str) {
+     int rc = -1;
++    char *s = strdup(str);
+ 
+-    if (strchr(str, ':')) {
++    if (s == NULL) {
++        return -1;
++    }
++    if (strchr(s, ':')) {
+         struct in6_addr dest6;
++        char *network_interface = strchr(s, '%');
+ 
+-        /* TODO link-local (IP:v6:addr%ifname). */
+-        rc = inet_pton(AF_INET6, str, &dest6);
++        /* link-local (IP:v6:addr%ifname). */
++        if (network_interface != NULL) {
++            rc = if_nametoindex(network_interface + 1);
++            if (rc == 0) {
++                free(s);
++                return 0;
++            }
++            *network_interface = '\0';
++        }
++        rc = inet_pton(AF_INET6, s, &dest6);
+         if (rc > 0) {
++            free(s);
+             return 1;
+         }
+     }
+ 
++    free(s);
+     return ssh_is_ipaddr_v4(str);
+ }
+ 
+-- 
+2.33.0
+

backport-0009-CVE-2023-6004-torture_misc-Add-tests-for-ipv6-link-l.patch

@@ -0,0 +1,65 @@
+From 6a8a18c73e73a338283dfbade0a7d83e5cfafe3b Mon Sep 17 00:00:00 2001
+From: Norbert Pocs <norbertpocs0@gmail.com>
+Date: Tue, 28 Nov 2023 15:27:31 +0100
+Subject: [PATCH 9/9] CVE-2023-6004: torture_misc: Add tests for ipv6
+ link-local
+
+Signed-off-by: Norbert Pocs <norbertpocs0@gmail.com>
+Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
+
+Conflict: NA
+Reference:https://git.libssh.org/projects/libssh.git/patch/?id=6a8a18c73e73a338283dfbade0a7d83e5cfafe3b
+---
+ tests/unittests/torture_misc.c | 20 ++++++++++++++++++++
+ 1 file changed, 20 insertions(+)
+
+diff --git a/tests/unittests/torture_misc.c b/tests/unittests/torture_misc.c
+index 073bc54c..f16b766e 100644
+--- a/tests/unittests/torture_misc.c
++++ b/tests/unittests/torture_misc.c
+@@ -17,7 +17,14 @@
+ #include "misc.c"
+ #include "error.c"
+ 
++#ifdef _WIN32
++#include <netioapi.h>
++#else
++#include <net/if.h>
++#endif
++
+ #define TORTURE_TEST_DIR "/usr/local/bin/truc/much/.."
++#define TORTURE_IPV6_LOCAL_LINK "fe80::98e1:82ff:fe8d:28b3%%%s"
+ 
+ const char template[] = "temp_dir_XXXXXX";
+ 
+@@ -730,14 +737,27 @@ static void torture_ssh_check_hostname_syntax(void **state)
+ 
+ static void torture_ssh_is_ipaddr(void **state) {
+     int rc;
++    char *interf = malloc(64);
++    char *test_interf = malloc(128);
+     (void)state;
+ 
++    assert_non_null(interf);
++    assert_non_null(test_interf);
+     rc = ssh_is_ipaddr("201.255.3.69");
+     assert_int_equal(rc, 1);
+     rc = ssh_is_ipaddr("::1");
+     assert_int_equal(rc, 1);
+     rc = ssh_is_ipaddr("2001:0db8:85a3:0000:0000:8a2e:0370:7334");
+     assert_int_equal(rc, 1);
++    if_indextoname(1, interf);
++    assert_non_null(interf);
++    rc = sprintf(test_interf, TORTURE_IPV6_LOCAL_LINK, interf);
++    /* the "%%s" is not written */
++    assert_int_equal(rc, strlen(interf) + strlen(TORTURE_IPV6_LOCAL_LINK) - 3);
++    rc = ssh_is_ipaddr(test_interf);
++    assert_int_equal(rc, 1);
++    free(interf);
++    free(test_interf);
+ 
+     rc = ssh_is_ipaddr("..");
+     assert_int_equal(rc, 0);
+-- 
+2.33.0
+

backport-0010-CVE-2023-6004-torture_config-Allow-multiple-in-usern.patch

@@ -0,0 +1,89 @@
+From 11bd6e6ad926a38cd7b9f8308a4c2fd8dfd9200c Mon Sep 17 00:00:00 2001
+From: Norbert Pocs <norbertpocs0@gmail.com>
+Date: Sun, 5 Nov 2023 13:12:47 +0100
+Subject: [PATCH] CVE-2023-6004: torture_config: Allow multiple '@' in
+ usernames
+
+Signed-off-by: Norbert Pocs <norbertpocs0@gmail.com>
+Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
+
+Conflict: NA
+Reference:https://gitlab.com/libssh/libssh-mirror/-/commit/11bd6e6ad926a38cd7b9f8308a4c2fd8dfd9200c
+---
+ tests/unittests/torture_config.c | 44 ++++++++++++++++++--------------
+ 1 file changed, 25 insertions(+), 19 deletions(-)
+
+diff --git a/tests/unittests/torture_config.c b/tests/unittests/torture_config.c
+index f91112a9..3a5a74bf 100644
+--- a/tests/unittests/torture_config.c
++++ b/tests/unittests/torture_config.c
+@@ -671,24 +671,40 @@ static void torture_config_proxyjump(void **state) {
+     assert_string_equal(session->opts.ProxyCommand,
+                         "ssh -W '[%h]:%p' 2620:52:0::fed");
+ 
+-    /* Try to create some invalid configurations */
+-    /* Non-numeric port */
++    /* Multiple @ is allowed in second jump */
+     torture_write_file(LIBSSH_TESTCONFIG11,
+-                       "Host bad-port\n"
+-                       "\tProxyJump jumpbox:22bad22\n"
++                       "Host allowed-hostname\n"
++                       "\tProxyJump localhost,user@principal.com@jumpbox:22\n"
+                        "");
+     torture_reset_config(session);
+-    ssh_options_set(session, SSH_OPTIONS_HOST, "bad-port");
++    ssh_options_set(session, SSH_OPTIONS_HOST, "allowed-hostname");
+     ret = ssh_config_parse_file(session, LIBSSH_TESTCONFIG11);
+-    assert_ssh_return_code_equal(session, ret, SSH_ERROR);
++    assert_ssh_return_code(session, ret);
++    assert_string_equal(session->opts.ProxyCommand,
++                        "ssh -J user@principal.com@jumpbox:22 -W '[%h]:%p' localhost");
+ 
+-    /* Too many @ */
++    /* Multiple @ is allowed */
+     torture_write_file(LIBSSH_TESTCONFIG11,
+-                       "Host bad-hostname\n"
++                       "Host allowed-hostname\n"
+                        "\tProxyJump user@principal.com@jumpbox:22\n"
+                        "");
+     torture_reset_config(session);
+-    ssh_options_set(session, SSH_OPTIONS_HOST, "bad-hostname");
++    ssh_options_set(session, SSH_OPTIONS_HOST, "allowed-hostname");
++    ret = ssh_config_parse_file(session, LIBSSH_TESTCONFIG11);
++    assert_ssh_return_code(session, ret);
++    assert_string_equal(session->opts.ProxyCommand,
++                        "ssh -l user@principal.com -p 22 -W '[%h]:%p' jumpbox");
++
++    /* In this part, we try various other config files and strings. */
++
++    /* Try to create some invalid configurations */
++    /* Non-numeric port */
++    torture_write_file(LIBSSH_TESTCONFIG11,
++                       "Host bad-port\n"
++                       "\tProxyJump jumpbox:22bad22\n"
++                       "");
++    torture_reset_config(session);
++    ssh_options_set(session, SSH_OPTIONS_HOST, "bad-port");
+     ret = ssh_config_parse_file(session, LIBSSH_TESTCONFIG11);
+     assert_ssh_return_code_equal(session, ret, SSH_ERROR);
+ 
+@@ -752,16 +768,6 @@ static void torture_config_proxyjump(void **state) {
+     ret = ssh_config_parse_file(session, LIBSSH_TESTCONFIG11);
+     assert_ssh_return_code_equal(session, ret, SSH_ERROR);
+ 
+-    /* Too many @ in second jump */
+-    torture_write_file(LIBSSH_TESTCONFIG11,
+-                       "Host bad-hostname\n"
+-                       "\tProxyJump localhost,user@principal.com@jumpbox:22\n"
+-                       "");
+-    torture_reset_config(session);
+-    ssh_options_set(session, SSH_OPTIONS_HOST, "bad-hostname");
+-    ret = ssh_config_parse_file(session, LIBSSH_TESTCONFIG11);
+-    assert_ssh_return_code_equal(session, ret, SSH_ERROR);
+-
+     /* Braces mismatch in second jump */
+     torture_write_file(LIBSSH_TESTCONFIG11,
+                        "Host mismatch\n"
+-- 
+2.33.0
+

libssh.spec

@@ -1,6 +1,6 @@
 Name:           libssh
 Version:        0.9.6
-Release:        7
+Release:        8
 Summary:        A library implementing the SSH protocol
 License:        LGPLv2+
 URL:            http://www.libssh.org
@@ -40,6 +40,24 @@ Patch27:        backport-0008-CVE-2023-1667-tests-Client-coverage-for-key-exchan
 Patch28:        backport-0009-CVE-2023-1667-tests-Send-a-bit-more-to-make-sure-rek.patch
 Patch29:        backport-0001-CVE-2023-2283-pki_crypto-Fix-possible-authentication.patch
 Patch30:        backport-0002-CVE-2023-2283-pki_crypto-Remove-unnecessary-NUL.patch
+Patch31:        backport-0001-CVE-2023-6004-config_parser-Allow-multiple-in-userna.patch
+Patch32:        backport-0002-CVE-2023-6004-options-Simplify-the-hostname-parsing-.patch
+Patch33:        backport-0003-CVE-2023-6004-misc-Add-function-to-check-allowed-cha.patch
+Patch34:        backport-0004-CVE-2023-6004-torture_misc-Add-test-for-ssh_check_ho.patch
+Patch35:        backport-0005-CVE-2023-6004-config_parser-Check-for-valid-syntax-o.patch
+Patch36:        backport-0006-CVE-2023-6004-torture_proxycommand-Add-test-for-prox.patch
+Patch37:        backport-0007-CVE-2023-6004-torture_misc-Add-test-for-ssh_is_ipadd.patch
+Patch38:        backport-0008-CVE-2023-6004-misc-Add-ipv6-link-local-check-for-an-.patch
+Patch39:        backport-0009-CVE-2023-6004-torture_misc-Add-tests-for-ipv6-link-l.patch
+Patch40:        backport-0001-CVE-2023-48795-client-side-mitigation.patch
+Patch41:        backport-0002-CVE-2023-48795-Server-side-mitigations.patch
+Patch42:        backport-0003-CVE-2023-48795-Strip-extensions-from-both-kex-lists-.patch
+Patch43:        backport-0004-CVE-2023-48795-tests-Adjust-calculation-to-strict-ke.patch
+Patch44:        backport-0001-CVE-2023-6918-kdf-Reformat.patch
+Patch45:        backport-0002-CVE-2023-6918-Remove-unused-evp-functions-and-types.patch
+Patch46:        backport-0003-CVE-2023-6918-Systematically-check-return-values-whe.patch
+Patch47:        backport-0004-CVE-2023-6918-kdf-Detect-context-init-failures.patch
+Patch48:        backport-0010-CVE-2023-6004-torture_config-Allow-multiple-in-usern.patch
 
 BuildRequires:  cmake gcc-c++ gnupg2 openssl-devel pkgconfig zlib-devel
 BuildRequires:  krb5-devel libcmocka-devel openssh-clients openssh-server
@@ -125,6 +143,12 @@ popd
 %doc ChangeLog README
 
 %changelog
+* Thu Dec 28 2023 renmingshuai <renmingshuai@huawei.com> - 0.9.6-8
+- Type:CVE
+- Id:CVE-2023-6004,CVE-2023-6918,CVE-2023-48795
+- SUG:NA
+- DESC:fix CVE-2023-6004, CVE-2023-6918 and CVE-2023-48795
+
 * Fri May 19 2023 renmingshuai <renmingshuai@huawei.com> - 0.9.6-7
 - Type:CVE
 - Id:CVE-2023-1667,CVE-2023-2283