packages/libssh
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
libssh/backport-0002-CVE-2023-1667-packet-Do-not-allow-servers-to-initiat.patch
renmingshuai df87af5d4e fix CVE-2023-1667 and CVE-2023-2283
2023-05-24 16:57:15 +08:00

36 lines
1.1 KiB
Diff
Raw Blame History

From 247a4a761cfa745ed1090290c5107de6321143c9 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Tue, 14 Mar 2023 11:35:43 +0100
Subject: [PATCH] CVE-2023-1667:packet: Do not allow servers to initiate
handshake
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Conflict:NA
Reference:https://gitlab.com/libssh/libssh-mirror/commit/247a4a761cfa745ed1090290c5107de6321143c9
---
src/packet.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/src/packet.c b/src/packet.c
index 60fc7fa3..eb7eb42a 100644
--- a/src/packet.c
+++ b/src/packet.c
@@ -366,6 +366,11 @@ static enum ssh_packet_filter_result_e ssh_packet_incoming_filter(ssh_session se
* - session->dh_handshake_state = DH_STATE_NEWKEYS_SENT
* */
+ if (!session->server) {
+ rc = SSH_PACKET_DENIED;
+ break;
+ }
+
if (session->session_state != SSH_SESSION_STATE_DH) {
rc = SSH_PACKET_DENIED;
break;
--
2.23.0
Reference in New Issue View Git Blame Copy Permalink