From 397686786d3996abffd6cbb5367348d2c6b3989a Mon Sep 17 00:00:00 2001 From: bitianyuan Date: Wed, 6 Nov 2024 15:37:55 +0800 Subject: [PATCH] Fix regression in IPv6 addresses in hostname parsing (cherry picked from commit 4a9e53777a033292422f276bd96101f040acf9c2) --- ...n-IPv6-addresses-in-hostname-parsing.patch | 138 ++++++++++++++++++ libssh.spec | 9 +- 2 files changed, 146 insertions(+), 1 deletion(-) create mode 100644 backport-Fix-regression-in-IPv6-addresses-in-hostname-parsing.patch diff --git a/backport-Fix-regression-in-IPv6-addresses-in-hostname-parsing.patch b/backport-Fix-regression-in-IPv6-addresses-in-hostname-parsing.patch new file mode 100644 index 0000000..3a8b62a --- /dev/null +++ b/backport-Fix-regression-in-IPv6-addresses-in-hostname-parsing.patch @@ -0,0 +1,138 @@ +From 4f997aee7c7d7ea346b3e8ba505da0b7601ff318 Mon Sep 17 00:00:00 2001 +From: Jakub Jelen +Date: Fri, 22 Dec 2023 10:32:40 +0100 +Subject: Fix regression in IPv6 addresses in hostname parsing + +Signed-off-by: Jakub Jelen +Reviewed-by: Andreas Schneider + +Reference:https://git.libssh.org/projects/libssh.git/patch/?id=4f997aee7c7d7ea346b3e8ba505da0b7601ff318 +Conflict:NA + +--- + include/libssh/config_parser.h | 10 +++++++--- + src/config.c | 4 ++-- + src/config_parser.c | 16 +++++++++++----- + src/options.c | 10 ++-------- + 4 files changed, 22 insertions(+), 18 deletions(-) + +diff --git a/include/libssh/config_parser.h b/include/libssh/config_parser.h +index a7dd42a..256c63f 100644 +--- a/include/libssh/config_parser.h ++++ b/include/libssh/config_parser.h +@@ -30,6 +30,7 @@ + extern "C" { + #endif + ++#include + char *ssh_config_get_cmd(char **str); + + char *ssh_config_get_token(char **str); +@@ -49,14 +50,17 @@ int ssh_config_get_yesno(char **str, int notfound); + * be stored or NULL if we do not care about the result. + * @param[out] port Pointer to the location, where the new port will + * be stored or NULL if we do not care about the result. ++ * @param[in] ignore_port Set to true if the we should not attempt to parse ++ * port number. + * + * @returns SSH_OK if the provided string is in format of SSH URI, + * SSH_ERROR on failure + */ + int ssh_config_parse_uri(const char *tok, +- char **username, +- char **hostname, +- char **port); ++ char **username, ++ char **hostname, ++ char **port, ++ bool ignore_port); + + #ifdef __cplusplus + } +diff --git a/src/config.c b/src/config.c +index c5c4012..273db7c 100644 +--- a/src/config.c ++++ b/src/config.c +@@ -464,7 +464,7 @@ ssh_config_parse_proxy_jump(ssh_session session, const char *s, bool do_parsing) + } + if (parse_entry) { + /* We actually care only about the first item */ +- rv = ssh_config_parse_uri(cp, &username, &hostname, &port); ++ rv = ssh_config_parse_uri(cp, &username, &hostname, &port, false); + /* The rest of the list needs to be passed on */ + if (endp != NULL) { + next = strdup(endp + 1); +@@ -475,7 +475,7 @@ ssh_config_parse_proxy_jump(ssh_session session, const char *s, bool do_parsing) + } + } else { + /* The rest is just sanity-checked to avoid failures later */ +- rv = ssh_config_parse_uri(cp, NULL, NULL, NULL); ++ rv = ssh_config_parse_uri(cp, NULL, NULL, NULL, false); + } + if (rv != SSH_OK) { + goto out; +diff --git a/src/config_parser.c b/src/config_parser.c +index b8b9461..d4b2d2c 100644 +--- a/src/config_parser.c ++++ b/src/config_parser.c +@@ -162,9 +162,10 @@ int ssh_config_get_yesno(char **str, int notfound) + } + + int ssh_config_parse_uri(const char *tok, +- char **username, +- char **hostname, +- char **port) ++ char **username, ++ char **hostname, ++ char **port, ++ bool ignore_port) + { + char *endp = NULL; + long port_n; +@@ -210,12 +211,17 @@ int ssh_config_parse_uri(const char *tok, + if (endp == NULL) { + goto error; + } +- } else { +- /* Hostnames or aliases expand to the last colon or to the end */ ++ } else if (!ignore_port) { ++ /* Hostnames or aliases expand to the last colon (if port is requested) ++ * or to the end */ + endp = strrchr(tok, ':'); + if (endp == NULL) { + endp = strchr(tok, '\0'); + } ++ } else { ++ /* If no port is requested, expand to the end of line ++ * (to accommodate the IPv6 addresses) */ ++ endp = strchr(tok, '\0'); + } + if (tok == endp) { + /* Zero-length hostnames are not valid */ +diff --git a/src/options.c b/src/options.c +index 3851145..b3ecffe 100644 +--- a/src/options.c ++++ b/src/options.c +@@ -516,17 +516,11 @@ int ssh_options_set(ssh_session session, enum ssh_options_e type, + ssh_set_error_invalid(session); + return -1; + } else { +- char *username = NULL, *hostname = NULL, *port = NULL; +- rc = ssh_config_parse_uri(value, &username, &hostname, &port); ++ char *username = NULL, *hostname = NULL; ++ rc = ssh_config_parse_uri(value, &username, &hostname, NULL, true); + if (rc != SSH_OK) { + return -1; + } +- if (port != NULL) { +- SAFE_FREE(username); +- SAFE_FREE(hostname); +- SAFE_FREE(port); +- return -1; +- } + if (username != NULL) { + SAFE_FREE(session->opts.username); + session->opts.username = username; +-- +2.43.0 + diff --git a/libssh.spec b/libssh.spec index 2fb34fc..720d1cd 100644 --- a/libssh.spec +++ b/libssh.spec @@ -1,6 +1,6 @@ Name: libssh Version: 0.10.5 -Release: 2 +Release: 3 Summary: A library implementing the SSH protocol License: LGPLv2+ URL: http://www.libssh.org @@ -28,6 +28,7 @@ Patch16: backport-0016-CVE-2023-6918-Remove-unused-evp-functions-and-type Patch17: backport-0017-CVE-2023-6918-Systematically-check-return-values-whe.patch Patch18: backport-0018-CVE-2023-6918-kdf-Detect-context-init-failures.patch Patch19: backport-0019-CVE-2023-6918-tests-Code-coverage-for-ssh_get_pubkey.patch +Patch20: backport-Fix-regression-in-IPv6-addresses-in-hostname-parsing.patch BuildRequires: cmake gcc-c++ gnupg2 openssl-devel pkgconfig zlib-devel BuildRequires: krb5-devel libcmocka-devel openssh-clients openssh-server @@ -113,6 +114,12 @@ popd %doc CHANGELOG README %changelog +* Tue Oct 29 2024 bitianyuan - 0.10.5-3 +- Type:bugfix +- Id:NA +- SUG:NA +- DESC:Fix regression in IPv6 addresses in hostname parsing + * Thu Jan 4 2024 renmingshuai - 0.10.5-2 - Type:CVE - Id:CVE-2023-6004,CVE-2023-48795,CVE-2023-6918 -- Gitee