libssh/backport-0001-CVE-2023-1667-packet_cb-Log-more-verbose-error-if-si.patch

From a30339d7b16da7784413e4a4667feb3604ed0458 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Fri, 10 Mar 2023 16:14:08 +0100
Subject: [PATCH] CVE-2023-1667:packet_cb: Log more verbose error if signature
 verification fails

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
---

Conflict:NA
Reference:https://gitlab.com/libssh/libssh-mirror/commit/a30339d7b16da7784413e4a4667feb3604ed0458

---
 src/packet_cb.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/packet_cb.c b/src/packet_cb.c
index 39575b1..3e4d5f6 100644
--- a/src/packet_cb.c
+++ b/src/packet_cb.c
@@ -156,6 +156,9 @@ SSH_PACKET_CALLBACK(ssh_packet_newkeys){
                                   session->next_crypto->digest_len);
     SSH_SIGNATURE_FREE(sig);
     if (rc == SSH_ERROR) {
+      ssh_set_error(session,
+                    SSH_FATAL,
+                    "Failed to verify server hostkey signature");
       goto error;
     }
     SSH_LOG(SSH_LOG_PROTOCOL,"Signature verified and valid");
-- 
2.33.0