packages/libssh
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
libssh/backport-0001-CVE-2023-6004-config_parser-Allow-multiple-in-userna.patch
renmingshuai 3af789a411 fix CVE-2023-6004, CVE-2023-6918 and CVE-2023-48795 
(cherry picked from commit 9222a7fc667186111a524a9dc1e5cb5d442beeac)
2023-12-28 22:06:06 +08:00

32 lines
961 B
Diff
Raw Permalink Blame History

From c3234e5f94b96d6e29f0c1c82821c1e3ebb181ed Mon Sep 17 00:00:00 2001
From: Norbert Pocs <norbertpocs0@gmail.com>
Date: Wed, 1 Nov 2023 11:24:43 +0100
Subject: [PATCH 1/9] CVE-2023-6004: config_parser: Allow multiple '@' in
usernames
Signed-off-by: Norbert Pocs <norbertpocs0@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Conflict: NA
Reference:https://git.libssh.org/projects/libssh.git/patch/?id=c3234e5f94b96d6e29f0c1c82821c1e3ebb181ed
---
src/config_parser.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/config_parser.c b/src/config_parser.c
index ae2aa2c8..76cca224 100644
--- a/src/config_parser.c
+++ b/src/config_parser.c
@@ -152,7 +152,7 @@ int ssh_config_parse_uri(const char *tok,
}
/* Username part (optional) */
- endp = strchr(tok, '@');
+ endp = strrchr(tok, '@');
if (endp != NULL) {
/* Zero-length username is not valid */
if (tok == endp) {
--
2.33.0
Reference in New Issue View Git Blame Copy Permalink