packages/libssh
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix regression in IPv6 addresses in hostname parsing

Browse Source 
(cherry picked from commit 04d34ecc59e16daf5d89bc7a7265e7deec64e6c0)
This commit is contained in:
renmingshuai 2024-02-07 03:45:50 +00:00 committed by openeuler-sync-bot
parent d26d910ddc
commit d7c3e1aa9c
2 changed files with 145 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

137
backport-Fix-regression-in-IPv6-addresses-in-hostname-parsing.patch Normal file
View File

@ -0,0 +1,137 @@
From 4f997aee7c7d7ea346b3e8ba505da0b7601ff318 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Fri, 22 Dec 2023 10:32:40 +0100
Subject: [PATCH] Fix regression in IPv6 addresses in hostname parsing
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reference:
https://git.libssh.org/projects/libssh.git/patch/?id=4f997aee7c7d7
---
include/libssh/config_parser.h | 11 ++++++++---
src/config.c | 4 ++--
src/config_parser.c | 16 +++++++++++-----
src/options.c | 10 ++--------
4 files changed, 23 insertions(+), 18 deletions(-)
diff --git a/include/libssh/config_parser.h b/include/libssh/config_parser.h
index e974917..ee647bf 100644
--- a/include/libssh/config_parser.h
+++ b/include/libssh/config_parser.h
@@ -26,6 +26,8 @@
#ifndef CONFIG_PARSER_H_
#define CONFIG_PARSER_H_
+#include <stdbool.h>
+
char *ssh_config_get_cmd(char **str);
char *ssh_config_get_token(char **str);
@@ -45,13 +47,16 @@ int ssh_config_get_yesno(char **str, int notfound);
* be stored or NULL if we do not care about the result.
* @param[out] port Pointer to the location, where the new port will
* be stored or NULL if we do not care about the result.
+ * @param[in] ignore_port Set to true if the we should not attempt to parse
+ * port number.
*
* @returns SSH_OK if the provided string is in format of SSH URI,
* SSH_ERROR on failure
*/
int ssh_config_parse_uri(const char *tok,
- char **username,
- char **hostname,
- char **port);
+ char **username,
+ char **hostname,
+ char **port,
+ bool ignore_port);
#endif /* LIBSSH_CONFIG_H_ */
diff --git a/src/config.c b/src/config.c
index 54a1a6e..cb0890b 100644
--- a/src/config.c
+++ b/src/config.c
@@ -324,7 +324,7 @@ ssh_config_parse_proxy_jump(ssh_session session, const char *s, bool do_parsing)
}
if (parse_entry) {
/* We actually care only about the first item */
- rv = ssh_config_parse_uri(cp, &username, &hostname, &port);
+ rv = ssh_config_parse_uri(cp, &username, &hostname, &port, false);
/* The rest of the list needs to be passed on */
if (endp != NULL) {
next = strdup(endp + 1);
@@ -335,7 +335,7 @@ ssh_config_parse_proxy_jump(ssh_session session, const char *s, bool do_parsing)
}
} else {
/* The rest is just sanity-checked to avoid failures later */
- rv = ssh_config_parse_uri(cp, NULL, NULL, NULL);
+ rv = ssh_config_parse_uri(cp, NULL, NULL, NULL, false);
}
if (rv != SSH_OK) {
goto out;
diff --git a/src/config_parser.c b/src/config_parser.c
index 87bac5d..a2da0a6 100644
--- a/src/config_parser.c
+++ b/src/config_parser.c
@@ -134,9 +134,10 @@ int ssh_config_get_yesno(char **str, int notfound)
}
int ssh_config_parse_uri(const char *tok,
- char **username,
- char **hostname,
- char **port)
+ char **username,
+ char **hostname,
+ char **port,
+ bool ignore_port)
{
char *endp = NULL;
long port_n;
@@ -182,12 +183,17 @@ int ssh_config_parse_uri(const char *tok,
if (endp == NULL) {
goto error;
}
- } else {
- /* Hostnames or aliases expand to the last colon or to the end */
+ } else if (!ignore_port) {
+ /* Hostnames or aliases expand to the last colon (if port is requested)
+ * or to the end */
endp = strrchr(tok, ':');
if (endp == NULL) {
endp = strchr(tok, '\0');
}
+ } else {
+ /* If no port is requested, expand to the end of line
+ * (to accommodate the IPv6 addresses) */
+ endp = strchr(tok, '\0');
}
if (tok == endp) {
/* Zero-length hostnames are not valid */
diff --git a/src/options.c b/src/options.c
index 7c03e7a..0890ff2 100644
--- a/src/options.c
+++ b/src/options.c
@@ -491,17 +491,11 @@ int ssh_options_set(ssh_session session, enum ssh_options_e type,
ssh_set_error_invalid(session);
return -1;
} else {
- char *username = NULL, *hostname = NULL, *port = NULL;
- rc = ssh_config_parse_uri(value, &username, &hostname, &port);
+ char *username = NULL, *hostname = NULL;
+ rc = ssh_config_parse_uri(value, &username, &hostname, NULL, true);
if (rc != SSH_OK) {
return -1;
}
- if (port != NULL) {
- SAFE_FREE(username);
- SAFE_FREE(hostname);
- SAFE_FREE(port);
- return -1;
- }
if (username != NULL) {
SAFE_FREE(session->opts.username);
session->opts.username = username;
--
2.33.0

9
libssh.spec
View File

@ -1,6 +1,6 @@
Name: libssh
Version: 0.9.6
Release: 8
Release: 9
Summary: A library implementing the SSH protocol
License: LGPLv2+
URL: http://www.libssh.org
@ -58,6 +58,7 @@ Patch45: backport-0002-CVE-2023-6918-Remove-unused-evp-functions-and-type
Patch46: backport-0003-CVE-2023-6918-Systematically-check-return-values-whe.patch
Patch47: backport-0004-CVE-2023-6918-kdf-Detect-context-init-failures.patch
Patch48: backport-0010-CVE-2023-6004-torture_config-Allow-multiple-in-usern.patch
Patch49: backport-Fix-regression-in-IPv6-addresses-in-hostname-parsing.patch
BuildRequires: cmake gcc-c++ gnupg2 openssl-devel pkgconfig zlib-devel
BuildRequires: krb5-devel libcmocka-devel openssh-clients openssh-server
@ -143,6 +144,12 @@ popd
%doc ChangeLog README
%changelog
* Wed Feb 7 2024 renmingshuai <renmingshuai@huawei.com> - 0.9.6-9
- Type:bugfix
- Id:
- SUG:NA
- DESC:Fix regression in IPv6 addresses in hostname parsing
* Thu Dec 28 2023 renmingshuai <renmingshuai@huawei.com> - 0.9.6-8
- Type:CVE
- Id:CVE-2023-6004,CVE-2023-6918,CVE-2023-48795