diff --git a/SOURCES/openssh-9.6p1-upstream-cve-2023-51385.patch b/SOURCES/openssh-9.6p1-upstream-cve-2023-51385.patch
new file mode 100644
index 0000000..5441c38
--- /dev/null
+++ b/SOURCES/openssh-9.6p1-upstream-cve-2023-51385.patch
@@ -0,0 +1,56 @@
+--- ssh.c 2024-03-02 19:08:29.085655690 -0500
++++ ssh.c 2024-03-02 19:14:10.889324532 -0500
+@@ -484,6 +484,41 @@
+ }
+ }
+
++static int
++valid_hostname(const char *s)
++{
++ size_t i;
++
++ if (*s == '-')
++ return 0;
++ for (i = 0; s[i] != 0; i++) {
++ if (strchr("'`\"$\\;&<>|(){}", s[i]) != NULL ||
++ isspace((u_char)s[i]) || iscntrl((u_char)s[i]))
++ return 0;
++ }
++ return 1;
++}
++
++static int
++valid_ruser(const char *s)
++{
++ size_t i;
++
++ if (*s == '-')
++ return 0;
++ for (i = 0; s[i] != 0; i++) {
++ if (strchr("'`\";&<>|(){}", s[i]) != NULL)
++ return 0;
++ /* Disallow '-' after whitespace */
++ if (isspace((u_char)s[i]) && s[i + 1] == '-')
++ return 0;
++ /* Disallow \ in last position */
++ if (s[i] == '\\' && s[i + 1] == '\0')
++ return 0;
++ }
++ return 1;
++}
++
+ /* Rewrite the port number in an addrinfo list of addresses */
+ static void
+ set_addrinfo_port(struct addrinfo *addrs, int port)
+@@ -961,6 +996,11 @@
+ if (!host)
+ usage();
+
++ if (!valid_hostname(host))
++ fatal("hostname contains invalid characters");
++ if (options.user != NULL && !valid_ruser(options.user))
++ fatal("remote username contains invalid characters");
++
+ host_arg = xstrdup(host);
+
+ #ifdef WITH_OPENSSL
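Review bot: `valid_ruser()` accepts control characters and `$`, both of which `valid_hostname()` rejects: its loop has no `iscntrl()` test and refuses whitespace only when the next character is `-`, so a user name containing a line break passes the check added in the second inner hunk. If the user name can later be expanded into a shell-interpreted string (presumably the concern behind this patch, going by its file name), a line break separates commands just as `;` does; consider adding `if (iscntrl((u_char)s[i])) return 0;` inside the loop. A short comment above each function saying which characters are refused, and why the user-name set is looser than the host-name set, would help the next backporter. The call site guards only `host` and `options.user` as they stand at that point in a function whose body lies outside the hunk, so it cannot be seen here whether values assigned later pass through the same checks.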