File libssh2_org-CVE-2023-48795-ext.patch of Package libssh2_org.33177

Overview Repositories Revisions Requests Users Attributes Meta

File libssh2_org-CVE-2023-48795-ext.patch of Package libssh2_org.33177

From 59786b186d4de8fd6cd5aeebedbce2362a849566 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josef=20=C4=8Cejka?= <jcejka@suse.cz>
Date: Tue, 6 Feb 2024 15:14:29 +0100
Subject: [PATCH] Always add extension indicators to kex_algorithms

KEX pseudo-methods "ext-info-c" and "kex-strict-c-v00@openssh.com"
are in default kex method list but they were lost
after configuring custom kex method list in libssh2_session_method_pref().
---
 src/kex.c | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/src/kex.c b/src/kex.c
index 8c65a0fe..1d1dadfa 100644
--- a/src/kex.c
+++ b/src/kex.c
@@ -4027,13 +4027,25 @@ libssh2_session_method_pref(LIBSSH2_SESSION * session, int method_type,
                             const char *prefs)
 {
     char **prefvar, *s, *newprefs;
+    char *tmpprefs = NULL;
     size_t prefs_len = strlen(prefs);
     const LIBSSH2_COMMON_METHOD **mlist;
+    const char *kex_extensions = "ext-info-c,kex-strict-c-v00@openssh.com,";
+    size_t kex_extensions_len = strlen(kex_extensions);
 
     switch(method_type) {
     case LIBSSH2_METHOD_KEX:
         prefvar = &session->kex_prefs;
         mlist = (const LIBSSH2_COMMON_METHOD **)libssh2_kex_methods;
+        tmpprefs = LIBSSH2_ALLOC(session, kex_extensions_len + prefs_len + 1);
+        if(!tmpprefs) {
+            return _libssh2_error(session, LIBSSH2_ERROR_ALLOC,
+                                  "Error allocated space for kex method preferences");
+        }
+        memcpy(tmpprefs, kex_extensions, kex_extensions_len);
+        memcpy(tmpprefs + kex_extensions_len, prefs, prefs_len + 1);
+        prefs = tmpprefs;
+        prefs_len = strlen(prefs);
         break;
 
     case LIBSSH2_METHOD_HOSTKEY:
@@ -4093,6 +4105,9 @@ libssh2_session_method_pref(LIBSSH2_SESSION * session, int method_type,
 
     s = newprefs = LIBSSH2_ALLOC(session, prefs_len + 1);
     if(!newprefs) {
+        if (tmpprefs) {
+            LIBSSH2_FREE(session, tmpprefs);
+        }
         return _libssh2_error(session, LIBSSH2_ERROR_ALLOC,
                               "Error allocated space for method preferences");
     }
@@ -4121,6 +4136,10 @@ libssh2_session_method_pref(LIBSSH2_SESSION * session, int method_type,
         }
     }
 
+    if (tmpprefs) {
+        LIBSSH2_FREE(session, tmpprefs);
+    }
+
     if(!*newprefs) {
         LIBSSH2_FREE(session, newprefs);
         return _libssh2_error(session, LIBSSH2_ERROR_METHOD_NOT_SUPPORTED,
-- 
2.26.2

Places

File libssh2_org-CVE-2023-48795-ext.patch of Package libssh2_org.33177

Places