blob: c0bca9a56eddb3511c5941b2d4f058c3209b8cfe (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
|
From 8e21b1a05f3c0ee098dbcb6c3d84cb61f102a122 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Mon, 8 May 2023 14:33:54 +0200
Subject: [PATCH] libssh2: free fingerprint better
Reported-by: Wei Chong Tan
Closes #11088
CVE: CVE-2023-28319
Upstream-Status: Backport [https://github.com/curl/curl/commit/8e21b1a05f3c0ee098dbcb6c]
Comments: Hunks Refreshed
Signed-off-by: Bhabu Bindu <bhabu.bindu@kpit.com>
---
lib/vssh/libssh2.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/lib/vssh/libssh2.c b/lib/vssh/libssh2.c
index bfcc94e160178..dd39a844c646b 100644
--- a/lib/vssh/libssh2.c
+++ b/lib/vssh/libssh2.c
@@ -695,11 +695,10 @@
*/
if((pub_pos != b64_pos) ||
Curl_strncasecompare(fingerprint_b64, pubkey_sha256, pub_pos) != 1) {
- free(fingerprint_b64);
-
failf(data,
"Denied establishing ssh session: mismatch sha256 fingerprint. "
"Remote %s is not equal to %s", fingerprint_b64, pubkey_sha256);
+ free(fingerprint_b64);
state(data, SSH_SESSION_FREE);
sshc->actualcode = CURLE_PEER_FAILED_VERIFICATION;
return sshc->actualcode;
|
