packages/libssh
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
libssh/backport-0002-CVE-2023-6004-options-Simplify-the-hostname-parsing-.patch
renmingshuai 3af789a411 fix CVE-2023-6004, CVE-2023-6918 and CVE-2023-48795 
(cherry picked from commit 9222a7fc667186111a524a9dc1e5cb5d442beeac)
2023-12-28 22:06:06 +08:00

83 lines
2.8 KiB
Diff
Raw Blame History

From a5b8bd0d8841296cf71d927824d60f576581243f Mon Sep 17 00:00:00 2001
From: Norbert Pocs <norbertpocs0@gmail.com>
Date: Tue, 31 Oct 2023 09:48:52 +0100
Subject: [PATCH 2/9] CVE-2023-6004: options: Simplify the hostname parsing in
ssh_options_set
Using ssh_config_parse_uri can simplify the parsing of the host
parsing inside the function of ssh_options_set
Signed-off-by: Norbert Pocs <norbertpocs0@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Conflict: NA
Reference:https://git.libssh.org/projects/libssh.git/patch/?id=a5b8bd0d8841296cf71d927824d60f576581243f
---
src/options.c | 40 ++++++++++++++++------------------------
1 file changed, 16 insertions(+), 24 deletions(-)
diff --git a/src/options.c b/src/options.c
index b5f951ac..7c03e7ab 100644
--- a/src/options.c
+++ b/src/options.c
@@ -36,6 +36,7 @@
#include "libssh/session.h"
#include "libssh/misc.h"
#include "libssh/options.h"
+#include "libssh/config_parser.h"
#ifdef WITH_SERVER
#include "libssh/server.h"
#include "libssh/bind.h"
@@ -490,33 +491,24 @@ int ssh_options_set(ssh_session session, enum ssh_options_e type,
ssh_set_error_invalid(session);
return -1;
} else {
- q = strdup(value);
- if (q == NULL) {
- ssh_set_error_oom(session);
+ char *username = NULL, *hostname = NULL, *port = NULL;
+ rc = ssh_config_parse_uri(value, &username, &hostname, &port);
+ if (rc != SSH_OK) {
return -1;
}
- p = strrchr(q, '@');
-
- SAFE_FREE(session->opts.host);
-
- if (p) {
- *p = '\0';
- session->opts.host = strdup(p + 1);
- if (session->opts.host == NULL) {
- SAFE_FREE(q);
- ssh_set_error_oom(session);
- return -1;
- }
-
+ if (port != NULL) {
+ SAFE_FREE(username);
+ SAFE_FREE(hostname);
+ SAFE_FREE(port);
+ return -1;
+ }
+ if (username != NULL) {
SAFE_FREE(session->opts.username);
- session->opts.username = strdup(q);
- SAFE_FREE(q);
- if (session->opts.username == NULL) {
- ssh_set_error_oom(session);
- return -1;
- }
- } else {
- session->opts.host = q;
+ session->opts.username = username;
+ }
+ if (hostname != NULL) {
+ SAFE_FREE(session->opts.host);
+ session->opts.host = hostname;
}
}
break;
--
2.33.0
Reference in New Issue View Git Blame Copy Permalink