packages/libssh
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix regression in IPv6 addresses in hostname parsing

Browse Source 
(cherry picked from commit 4a9e53777a033292422f276bd96101f040acf9c2)
This commit is contained in:
bitianyuan 2024-11-06 15:37:55 +08:00 committed by openeuler-sync-bot
parent 9caff711a4
commit ab4da6fbd4
2 changed files with 146 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

138
backport-Fix-regression-in-IPv6-addresses-in-hostname-parsing.patch Normal file
View File

@ -0,0 +1,138 @@
From 4f997aee7c7d7ea346b3e8ba505da0b7601ff318 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Fri, 22 Dec 2023 10:32:40 +0100
Subject: Fix regression in IPv6 addresses in hostname parsing
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reference:https://git.libssh.org/projects/libssh.git/patch/?id=4f997aee7c7d7ea346b3e8ba505da0b7601ff318
Conflict:NA
---
include/libssh/config_parser.h | 10 +++++++---
src/config.c | 4 ++--
src/config_parser.c | 16 +++++++++++-----
src/options.c | 10 ++--------
4 files changed, 22 insertions(+), 18 deletions(-)
diff --git a/include/libssh/config_parser.h b/include/libssh/config_parser.h
index a7dd42a..256c63f 100644
--- a/include/libssh/config_parser.h
+++ b/include/libssh/config_parser.h
@@ -30,6 +30,7 @@
extern "C" {
#endif
+#include <stdbool.h>
char *ssh_config_get_cmd(char **str);
char *ssh_config_get_token(char **str);
@@ -49,14 +50,17 @@ int ssh_config_get_yesno(char **str, int notfound);
* be stored or NULL if we do not care about the result.
* @param[out] port Pointer to the location, where the new port will
* be stored or NULL if we do not care about the result.
+ * @param[in] ignore_port Set to true if the we should not attempt to parse
+ * port number.
*
* @returns SSH_OK if the provided string is in format of SSH URI,
* SSH_ERROR on failure
*/
int ssh_config_parse_uri(const char *tok,
- char **username,
- char **hostname,
- char **port);
+ char **username,
+ char **hostname,
+ char **port,
+ bool ignore_port);
#ifdef __cplusplus
}
diff --git a/src/config.c b/src/config.c
index c5c4012..273db7c 100644
--- a/src/config.c
+++ b/src/config.c
@@ -464,7 +464,7 @@ ssh_config_parse_proxy_jump(ssh_session session, const char *s, bool do_parsing)
}
if (parse_entry) {
/* We actually care only about the first item */
- rv = ssh_config_parse_uri(cp, &username, &hostname, &port);
+ rv = ssh_config_parse_uri(cp, &username, &hostname, &port, false);
/* The rest of the list needs to be passed on */
if (endp != NULL) {
next = strdup(endp + 1);
@@ -475,7 +475,7 @@ ssh_config_parse_proxy_jump(ssh_session session, const char *s, bool do_parsing)
}
} else {
/* The rest is just sanity-checked to avoid failures later */
- rv = ssh_config_parse_uri(cp, NULL, NULL, NULL);
+ rv = ssh_config_parse_uri(cp, NULL, NULL, NULL, false);
}
if (rv != SSH_OK) {
goto out;
diff --git a/src/config_parser.c b/src/config_parser.c
index b8b9461..d4b2d2c 100644
--- a/src/config_parser.c
+++ b/src/config_parser.c
@@ -162,9 +162,10 @@ int ssh_config_get_yesno(char **str, int notfound)
}
int ssh_config_parse_uri(const char *tok,
- char **username,
- char **hostname,
- char **port)
+ char **username,
+ char **hostname,
+ char **port,
+ bool ignore_port)
{
char *endp = NULL;
long port_n;
@@ -210,12 +211,17 @@ int ssh_config_parse_uri(const char *tok,
if (endp == NULL) {
goto error;
}
- } else {
- /* Hostnames or aliases expand to the last colon or to the end */
+ } else if (!ignore_port) {
+ /* Hostnames or aliases expand to the last colon (if port is requested)
+ * or to the end */
endp = strrchr(tok, ':');
if (endp == NULL) {
endp = strchr(tok, '\0');
}
+ } else {
+ /* If no port is requested, expand to the end of line
+ * (to accommodate the IPv6 addresses) */
+ endp = strchr(tok, '\0');
}
if (tok == endp) {
/* Zero-length hostnames are not valid */
diff --git a/src/options.c b/src/options.c
index 3851145..b3ecffe 100644
--- a/src/options.c
+++ b/src/options.c
@@ -516,17 +516,11 @@ int ssh_options_set(ssh_session session, enum ssh_options_e type,
ssh_set_error_invalid(session);
return -1;
} else {
- char *username = NULL, *hostname = NULL, *port = NULL;
- rc = ssh_config_parse_uri(value, &username, &hostname, &port);
+ char *username = NULL, *hostname = NULL;
+ rc = ssh_config_parse_uri(value, &username, &hostname, NULL, true);
if (rc != SSH_OK) {
return -1;
}
- if (port != NULL) {
- SAFE_FREE(username);
- SAFE_FREE(hostname);
- SAFE_FREE(port);
- return -1;
- }
if (username != NULL) {
SAFE_FREE(session->opts.username);
session->opts.username = username;
--
2.43.0

9
libssh.spec
View File

@ -1,6 +1,6 @@
Name: libssh
Version: 0.10.5
Release: 2
Release: 3
Summary: A library implementing the SSH protocol
License: LGPLv2+
URL: http://www.libssh.org
@ -28,6 +28,7 @@ Patch16: backport-0016-CVE-2023-6918-Remove-unused-evp-functions-and-type
Patch17: backport-0017-CVE-2023-6918-Systematically-check-return-values-whe.patch
Patch18: backport-0018-CVE-2023-6918-kdf-Detect-context-init-failures.patch
Patch19: backport-0019-CVE-2023-6918-tests-Code-coverage-for-ssh_get_pubkey.patch
Patch20: backport-Fix-regression-in-IPv6-addresses-in-hostname-parsing.patch
BuildRequires: cmake gcc-c++ gnupg2 openssl-devel pkgconfig zlib-devel
BuildRequires: krb5-devel libcmocka-devel openssh-clients openssh-server
@ -113,6 +114,12 @@ popd
%doc CHANGELOG README
%changelog
* Tue Oct 29 2024 bitianyuan <bitianyuan@huawei.com> - 0.10.5-3
- Type:bugfix
- Id:NA
- SUG:NA
- DESC:Fix regression in IPv6 addresses in hostname parsing
* Thu Jan 4 2024 renmingshuai <renmingshuai@huawei.com> - 0.10.5-2
- Type:CVE
- Id:CVE-2023-6004,CVE-2023-48795,CVE-2023-6918