master

分支 (26)

标签 (21)

管理

管理

master

openEuler-25.03

openEuler-24.03-LTS-SP1

openEuler-24.03-LTS

openEuler-24.03-LTS-Next

openEuler-22.03-LTS

openEuler-22.03-LTS-Next

openEuler-22.03-LTS-SP4

openEuler-22.03-LTS-SP2

openEuler-22.03-LTS-SP3

openEuler-22.03-LTS-SP1

openEuler-20.03-LTS-SP4

openEuler-20.03-LTS-SP3

openEuler-24.09

openEuler-20.03-LTS-SP1

openEuler-23.09

openEuler-23.03

openEuler-22.09

openEuler-20.03-LTS-SP2

openEuler-20.03-LTS-Next

openEuler-24.03-LTS-SP1-release

openEuler-22.03-LTS-SP4-release

openEuler-24.09-release

openEuler-24.03-LTS-release

openEuler-22.03-LTS-SP3-release

openEuler-23.09-rc5

openEuler-22.03-LTS-SP1-release

openEuler-22.09-release

openEuler-22.09-rc5

openEuler-22.09-20220829

openEuler-22.03-LTS-20220331

openEuler-22.03-LTS-round5

openEuler-22.03-LTS-round3

openEuler-22.03-LTS-round2

openEuler-22.03-LTS-round1

openEuler-20.03-LTS-SP3-release

openEuler-20.03-LTS-SP2-20210624

openEuler-21.03-20210330

openEuler-20.09-20200929

openEuler-20.03-LTS-20200606

libssh
/
backport-0003-CVE-2023-6004-options-S...

From 8615c24647f773a5e04203c7459512715d698be1 Mon Sep 17 00:00:00 2001
From: Norbert Pocs <norbertpocs0@gmail.com>
Date: Tue, 31 Oct 2023 09:48:52 +0100
Subject: [PATCH 03/20] CVE-2023-6004: options: Simplify the hostname parsing
 in ssh_options_set

Using ssh_config_parse_uri can simplify the parsing of the host
parsing inside the function of ssh_options_set

Signed-off-by: Norbert Pocs <norbertpocs0@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
---
 src/options.c | 40 ++++++++++++++++------------------------
 1 file changed, 16 insertions(+), 24 deletions(-)

diff --git a/src/options.c b/src/options.c
index 6f2c9397..38511455 100644
--- a/src/options.c
+++ b/src/options.c
@@ -37,6 +37,7 @@
 #include "libssh/session.h"
 #include "libssh/misc.h"
 #include "libssh/options.h"
+#include "libssh/config_parser.h"
 #ifdef WITH_SERVER
 #include "libssh/server.h"
 #include "libssh/bind.h"
@@ -515,33 +516,24 @@ int ssh_options_set(ssh_session session, enum ssh_options_e type,
                 ssh_set_error_invalid(session);
                 return -1;
             } else {
-                q = strdup(value);
-                if (q == NULL) {
-                    ssh_set_error_oom(session);
+                char *username = NULL, *hostname = NULL, *port = NULL;
+                rc = ssh_config_parse_uri(value, &username, &hostname, &port);
+                if (rc != SSH_OK) {
                     return -1;
                 }
-                p = strrchr(q, '@');
-
-                SAFE_FREE(session->opts.host);
-
-                if (p) {
-                    *p = '\0';
-                    session->opts.host = strdup(p + 1);
-                    if (session->opts.host == NULL) {
-                        SAFE_FREE(q);
-                        ssh_set_error_oom(session);
-                        return -1;
-                    }
-
+                if (port != NULL) {
+                    SAFE_FREE(username);
+                    SAFE_FREE(hostname);
+                    SAFE_FREE(port);
+                    return -1;
+                }
+                if (username != NULL) {
                     SAFE_FREE(session->opts.username);
-                    session->opts.username = strdup(q);
-                    SAFE_FREE(q);
-                    if (session->opts.username == NULL) {
-                        ssh_set_error_oom(session);
-                        return -1;
-                    }
-                } else {
-                    session->opts.host = q;
+                    session->opts.username = username;
+                }
+                if (hostname != NULL) {
+                    SAFE_FREE(session->opts.host);
+                    session->opts.host = hostname;
                 }
             }
             break;
--
2.33.0