Projects
Mega:24.03:SP1:Everything
libssh
_service:tar_scm:backport-0003-CVE-2023-6004-op...
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _service:tar_scm:backport-0003-CVE-2023-6004-options-Simplify-the-hostname-parsing-.patch of Package libssh
From 8615c24647f773a5e04203c7459512715d698be1 Mon Sep 17 00:00:00 2001 From: Norbert Pocs <norbertpocs0@gmail.com> Date: Tue, 31 Oct 2023 09:48:52 +0100 Subject: [PATCH 03/20] CVE-2023-6004: options: Simplify the hostname parsing in ssh_options_set Using ssh_config_parse_uri can simplify the parsing of the host parsing inside the function of ssh_options_set Signed-off-by: Norbert Pocs <norbertpocs0@gmail.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com> --- src/options.c | 40 ++++++++++++++++------------------------ 1 file changed, 16 insertions(+), 24 deletions(-) diff --git a/src/options.c b/src/options.c index 6f2c9397..38511455 100644 --- a/src/options.c +++ b/src/options.c @@ -37,6 +37,7 @@ #include "libssh/session.h" #include "libssh/misc.h" #include "libssh/options.h" +#include "libssh/config_parser.h" #ifdef WITH_SERVER #include "libssh/server.h" #include "libssh/bind.h" @@ -515,33 +516,24 @@ int ssh_options_set(ssh_session session, enum ssh_options_e type, ssh_set_error_invalid(session); return -1; } else { - q = strdup(value); - if (q == NULL) { - ssh_set_error_oom(session); + char *username = NULL, *hostname = NULL, *port = NULL; + rc = ssh_config_parse_uri(value, &username, &hostname, &port); + if (rc != SSH_OK) { return -1; } - p = strrchr(q, '@'); - - SAFE_FREE(session->opts.host); - - if (p) { - *p = '\0'; - session->opts.host = strdup(p + 1); - if (session->opts.host == NULL) { - SAFE_FREE(q); - ssh_set_error_oom(session); - return -1; - } - + if (port != NULL) { + SAFE_FREE(username); + SAFE_FREE(hostname); + SAFE_FREE(port); + return -1; + } + if (username != NULL) { SAFE_FREE(session->opts.username); - session->opts.username = strdup(q); - SAFE_FREE(q); - if (session->opts.username == NULL) { - ssh_set_error_oom(session); - return -1; - } - } else { - session->opts.host = q; + session->opts.username = username; + } + if (hostname != NULL) { + SAFE_FREE(session->opts.host); + session->opts.host = hostname; } } break; -- 2.33.0
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.
浙ICP备2022010568号-2