From b040856ccfde1a5d4c21791f46ca6ee00c21a47b Mon Sep 17 00:00:00 2001

From: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>

Date: Tue, 2 Jul 2019 10:21:15 +0200

Subject: [PATCH 1/6] knownhosts: Fix possible memory leak

The memory allocated for host_port can leak if the global knownhosts

file is unaccessible.

Found by address sanitizer build in CI.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>

Reviewed-by: Jakub Jelen <jjelen@redhat.com>

(cherry picked from commit fe248414fec1e654e4ee1259927d68777dd870ae)

---

 src/knownhosts.c | 4 +++-

 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/knownhosts.c b/src/knownhosts.c

index 8a4a8ba7..9383cc97 100644

--- a/src/knownhosts.c

+++ b/src/knownhosts.c

@@ -706,13 +706,15 @@ enum ssh_known_hosts_e ssh_session_has_known_hosts_entry(ssh_session session)

         rc = ssh_known_hosts_read_entries(host_port,

                                           session->opts.global_knownhosts,

                                           &entry_list);

-        SAFE_FREE(host_port);

         if (rc != 0) {

+            SAFE_FREE(host_port);

             ssh_list_free(entry_list);

             return SSH_KNOWN_HOSTS_ERROR;

         }

     }

+    SAFE_FREE(host_port);

+

     if (ssh_list_count(entry_list) == 0) {

         ssh_list_free(entry_list);

         return SSH_KNOWN_HOSTS_UNKNOWN;

-- 

2.21.0

From 7ff0af75436ee6e549907dd563e968b92f7f8db2 Mon Sep 17 00:00:00 2001

From: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>

Date: Fri, 28 Jun 2019 13:19:51 +0200

Subject: [PATCH 2/6] tests: Check if known_hosts works with single

 unaccessible file

Make sure known hosts check works when local known_hosts file is

unaccessible, but the host is present in global known_hosts file.

Remove double return value check in previous existing test.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>

Reviewed-by: Jakub Jelen <jjelen@redhat.com>

(cherry picked from commit ad68de7271e6ccda261df4d9fc827321e7d90fd0)

---

 tests/unittests/torture_knownhosts_parsing.c | 19 +++++++++++--------

 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/tests/unittests/torture_knownhosts_parsing.c b/tests/unittests/torture_knownhosts_parsing.c

index ac8d7f31..a087caef 100644

--- a/tests/unittests/torture_knownhosts_parsing.c

+++ b/tests/unittests/torture_knownhosts_parsing.c

@@ -384,22 +384,19 @@ static void torture_knownhosts_host_exists(void **state)

     /* This makes sure the system's known_hosts are not used */

     ssh_options_set(session, SSH_OPTIONS_GLOBAL_KNOWNHOSTS, "/dev/null");

-

     found = ssh_session_has_known_hosts_entry(session);

     assert_int_equal(found, SSH_KNOWN_HOSTS_OK);

-    assert_true(found == SSH_KNOWN_HOSTS_OK);

     /* This makes sure the check will not fail when the system's known_hosts is

      * not accessible*/

     ssh_options_set(session, SSH_OPTIONS_GLOBAL_KNOWNHOSTS, "./unaccessible");

-

     found = ssh_session_has_known_hosts_entry(session);

     assert_int_equal(found, SSH_KNOWN_HOSTS_OK);

-    assert_true(found == SSH_KNOWN_HOSTS_OK);

+    /* This makes sure the check will fail for an unknown host */

     ssh_options_set(session, SSH_OPTIONS_HOST, "wurstbrot");

     found = ssh_session_has_known_hosts_entry(session);

-    assert_true(found == SSH_KNOWN_HOSTS_UNKNOWN);

+    assert_int_equal(found, SSH_KNOWN_HOSTS_UNKNOWN);

     ssh_free(session);

 }

@@ -414,17 +411,23 @@ static void torture_knownhosts_host_exists_global(void **state)

     assert_non_null(session);

     ssh_options_set(session, SSH_OPTIONS_HOST, "localhost");

+    ssh_options_set(session, SSH_OPTIONS_GLOBAL_KNOWNHOSTS, knownhosts_file);

+

     /* This makes sure the user's known_hosts are not used */

     ssh_options_set(session, SSH_OPTIONS_KNOWNHOSTS, "/dev/null");

-    ssh_options_set(session, SSH_OPTIONS_GLOBAL_KNOWNHOSTS, knownhosts_file);

+    found = ssh_session_has_known_hosts_entry(session);

+    assert_int_equal(found, SSH_KNOWN_HOSTS_OK);

+    /* This makes sure the check will not fail when the user's known_hosts is

+     * not accessible*/

+    ssh_options_set(session, SSH_OPTIONS_KNOWNHOSTS, "./unaccessible");

     found = ssh_session_has_known_hosts_entry(session);

     assert_int_equal(found, SSH_KNOWN_HOSTS_OK);

-    assert_true(found == SSH_KNOWN_HOSTS_OK);

+    /* This makes sure the check will fail for an unknown host */

     ssh_options_set(session, SSH_OPTIONS_HOST, "wurstbrot");

     found = ssh_session_has_known_hosts_entry(session);

-    assert_true(found == SSH_KNOWN_HOSTS_UNKNOWN);

+    assert_int_equal(found, SSH_KNOWN_HOSTS_UNKNOWN);

     ssh_free(session);

 }

-- 

2.21.0

From b9530cedbeb169762307096dfeb485ab94e09740 Mon Sep 17 00:00:00 2001

From: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>

Date: Fri, 28 Jun 2019 13:27:34 +0200

Subject: [PATCH 3/6] knownhosts: Read knownhosts file only if found

Avoid trying to open the files if they are not accessible.  This was

already treated as a non-error, but with this we save one function call.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>

Reviewed-by: Jakub Jelen <jjelen@redhat.com>

(cherry picked from commit e5a64a3d6b1b601cbaf207468a6658d1a4fa0031)

---

 src/knownhosts.c | 4 ++--

 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/knownhosts.c b/src/knownhosts.c

index 9383cc97..8040a0c0 100644

--- a/src/knownhosts.c

+++ b/src/knownhosts.c

@@ -691,7 +691,7 @@ enum ssh_known_hosts_e ssh_session_has_known_hosts_entry(ssh_session session)

         return SSH_KNOWN_HOSTS_ERROR;

     }

-    if (session->opts.knownhosts != NULL) {

+    if (known_hosts_found) {

         rc = ssh_known_hosts_read_entries(host_port,

                                           session->opts.knownhosts,

                                           &entry_list);

@@ -702,7 +702,7 @@ enum ssh_known_hosts_e ssh_session_has_known_hosts_entry(ssh_session session)

         }

     }

-    if (session->opts.global_knownhosts != NULL) {

+    if (global_known_hosts_found) {

         rc = ssh_known_hosts_read_entries(host_port,

                                           session->opts.global_knownhosts,

                                           &entry_list);

-- 

2.21.0

From aaa978ad06ebdeff88a39b9a894696254263162c Mon Sep 17 00:00:00 2001

From: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>

Date: Fri, 28 Jun 2019 22:35:38 +0200

Subject: [PATCH 4/6] token: Added function to remove duplicates

Added a function to remove duplicates from lists.  This function is used

in a new provided function to append lists removing duplicates.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>

Reviewed-by: Jakub Jelen <jjelen@redhat.com>

(cherry picked from commit 548753b3389518ebce98a7ddbf0640db3ad72de8)

---

 include/libssh/token.h           |   6 +-

 src/token.c                      | 152 ++++++++++++++++++++++++++++++-

 tests/unittests/torture_tokens.c | 122 +++++++++++++++++++++++++

 3 files changed, 278 insertions(+), 2 deletions(-)

diff --git a/include/libssh/token.h b/include/libssh/token.h

index 7b244189..9896fb06 100644

--- a/include/libssh/token.h

+++ b/include/libssh/token.h

@@ -38,7 +38,11 @@ void ssh_tokens_free(struct ssh_tokens_st *tokens);

 char *ssh_find_matching(const char *available_d,

                         const char *preferred_d);

-

 char *ssh_find_all_matching(const char *available_d,

                             const char *preferred_d);

+

+char *ssh_remove_duplicates(const char *list);

+

+char *ssh_append_without_duplicates(const char *list,

+                                    const char *appended_list);

 #endif /* TOKEN_H_ */

diff --git a/src/token.c b/src/token.c

index aee235ac..0924d3bd 100644

--- a/src/token.c

+++ b/src/token.c

@@ -26,6 +26,7 @@

 #include <stdio.h>

 #include <string.h>

+#include <stdbool.h>

 #include "libssh/priv.h"

 #include "libssh/token.h"

@@ -175,7 +176,7 @@ char *ssh_find_matching(const char *available_list,

     for (i = 0; p_tok->tokens[i]; i++) {

         for (j = 0; a_tok->tokens[j]; j++) {

-            if (strcmp(a_tok->tokens[j], p_tok->tokens[i]) == 0){

+            if (strcmp(a_tok->tokens[j], p_tok->tokens[i]) == 0) {

                 ret = strdup(a_tok->tokens[j]);

                 goto out;

             }

@@ -260,3 +261,152 @@ out:

     ssh_tokens_free(p_tok);

     return ret;

 }

+

+/**

+ * @internal

+ *

+ * @brief Given a string containing a list of elements, remove all duplicates

+ * and return in a newly allocated string.

+ *

+ * @param[in] list  The list to be freed of duplicates

+ *

+ * @return  A newly allocated copy of the string free of duplicates; NULL in

+ * case of error.

+ */

+char *ssh_remove_duplicates(const char *list)

+{

+    struct ssh_tokens_st *tok = NULL;

+

+    size_t i, j, num_tokens, max_len;

+    char *ret = NULL;

+    bool *should_copy = NULL, need_comma = false;

+

+    if (list == NULL) {

+        return NULL;

+    }

+

+    /* The maximum number of tokens is the size of the list */

+    max_len = strlen(list);

+    if (max_len == 0) {

+        return NULL;

+    }

+

+    /* Add space for ending '\0' */

+    max_len++;

+

+    tok = ssh_tokenize(list, ',');

+    if ((tok == NULL) || (tok->tokens == NULL) || (tok->tokens[0] == NULL)) {

+        goto out;

+    }

+

+    should_copy = calloc(1, max_len);

+    if (should_copy == NULL) {

+        goto out;

+    }

+

+    if (strlen(tok->tokens[0]) > 0) {

+        should_copy[0] = true;

+    }

+

+    for (i = 1; tok->tokens[i]; i++) {

+        for (j = 0; j < i; j++) {

+            if (strcmp(tok->tokens[i], tok->tokens[j]) == 0) {

+                /* Found a duplicate; do not copy */

+                should_copy[i] = false;

+                break;

+            }

+        }

+

+        /* No matching token before */

+        if (j == i) {

+            /* Only copy if it is not an empty string */

+            if (strlen(tok->tokens[i]) > 0) {

+                should_copy[i] = true;

+            } else {

+                should_copy[i] = false;

+            }

+        }

+    }

+

+    num_tokens = i;

+

+    ret = calloc(1, max_len);

+    if (ret == NULL) {

+        goto out;

+    }

+

+    for (i = 0; i < num_tokens; i++) {

+        if (should_copy[i]) {

+            if (need_comma) {

+                strncat(ret, ",", (max_len - strlen(ret) - 1));

+            }

+            strncat(ret, tok->tokens[i], (max_len - strlen(ret) - 1));

+            need_comma = true;

+        }

+    }

+

+    /* If no comma is needed, nothing was copied */

+    if (!need_comma) {

+        SAFE_FREE(ret);

+    }

+

+out:

+    SAFE_FREE(should_copy);

+    ssh_tokens_free(tok);

+    return ret;

+}

+

+/**

+ * @internal

+ *

+ * @brief Given two strings containing lists of tokens, return a newly

+ * allocated string containing all the elements of the first list appended with

+ * all the elements of the second list, without duplicates. The order of the

+ * elements will be preserved.

+ *

+ * @param[in] list             The first list

+ * @param[in] appended_list    The list to be appended

+ *

+ * @return  A newly allocated copy list containing all the elements of the

+ * kept_list appended with the elements of the appended_list without duplicates;

+ * NULL in case of error.

+ */

+char *ssh_append_without_duplicates(const char *list,

+                                    const char *appended_list)

+{

+    size_t concat_len = 0;

+    char *ret = NULL, *concat = NULL;

+

+    if (list != NULL) {

+        concat_len = strlen(list);

+    }

+

+    if (appended_list != NULL) {

+        concat_len += strlen(appended_list);

+    }

+

+    if (concat_len == 0) {

+        return NULL;

+    }

+

+    /* Add room for ending '\0' and for middle ',' */

+    concat_len += 2;

+    concat = calloc(1, concat_len);

+    if (concat == NULL) {

+        return NULL;

+    }

+

+    if (list != NULL) {

+        strcpy(concat, list);

+        strncat(concat, ",", concat_len - strlen(concat) - 1);

+    }

+    if (appended_list != NULL) {

+        strncat(concat, appended_list, concat_len - strlen(concat) - 1);

+    }

+

+    ret = ssh_remove_duplicates(concat);

+

+    SAFE_FREE(concat);

+

+    return ret;

+}

diff --git a/tests/unittests/torture_tokens.c b/tests/unittests/torture_tokens.c

index e192842f..6b52b847 100644

--- a/tests/unittests/torture_tokens.c

+++ b/tests/unittests/torture_tokens.c

@@ -146,6 +146,126 @@ static void torture_tokens_sanity(UNUSED_PARAM(void **state))

     tokenize_compare_expected(",", single_colon, 1);

 }

+static void torture_remove_duplicate(UNUSED_PARAM(void **state))

+{

+

+    const char *simple[] = {"a,a,b,b,c,c",

+                            "a,b,c,a,b,c",

+                            "a,b,c,c,b,a",

+                            "a,a,,b,b,,c,c",

+                            ",a,a,b,b,c,c",

+                            "a,a,b,b,c,c,"};

+    const char *empty[] = {"",

+                           ",,,,,,,,,",

+                           NULL};

+    char *ret = NULL;

+    int i;

+

+    for (i = 0; i < 6; i++) {

+        ret = ssh_remove_duplicates(simple[i]);

+        assert_non_null(ret);

+        assert_string_equal("a,b,c", ret);

+        printf("simple[%d] resulted in '%s'\n", i, ret);

+        SAFE_FREE(ret);

+    }

+

+    for (i = 0; i < 3; i++) {

+        ret = ssh_remove_duplicates(empty[i]);

+        if (ret != NULL) {

+            printf("empty[%d] resulted in '%s'\n", i, ret);

+        }

+        assert_null(ret);

+    }

+

+    ret = ssh_remove_duplicates("a");

+    assert_non_null(ret);

+    assert_string_equal("a", ret);

+    SAFE_FREE(ret);

+}

+

+static void torture_append_without_duplicate(UNUSED_PARAM(void **state))

+{

+    const char *s1[] = {"a,a,b,b,c,c",

+                        "a,b,c,a,b,c",

+                        "a,b,c,c,b,a",

+                        "a,a,,b,b,,c,c",

+                        ",a,a,b,b,c,c",

+                        "a,a,b,b,c,c,"};

+    const char *s2[] = {"a,a,b,b,c,c,d,d",

+                        "a,b,c,d,a,b,c,d",

+                        "a,b,c,d,d,c,b,a",

+                        "a,a,,b,b,,c,c,,d,d",

+                        ",a,a,b,b,c,c,d,d",

+                        "a,a,b,b,c,c,d,d,",

+                        "d"};

+    const char *empty[] = {"",

+                           ",,,,,,,,,",

+                           NULL,

+                           NULL};

+    char *ret = NULL;

+    int i, j;

+

+    ret = ssh_append_without_duplicates("a", "a");

+    assert_non_null(ret);

+    assert_string_equal("a", ret);

+    SAFE_FREE(ret);

+

+    ret = ssh_append_without_duplicates("a", "b");

+    assert_non_null(ret);

+    assert_string_equal("a,b", ret);

+    SAFE_FREE(ret);

+

+    ret = ssh_append_without_duplicates("a", NULL);

+    assert_non_null(ret);

+    assert_string_equal("a", ret);

+    SAFE_FREE(ret);

+

+    ret = ssh_append_without_duplicates(NULL, "b");

+    assert_non_null(ret);

+    assert_string_equal("b", ret);

+    SAFE_FREE(ret);

+

+    for (i = 0; i < 6; i++) {

+        for (j = 0; j < 7; j++) {

+            ret = ssh_append_without_duplicates(s1[i], s2[j]);

+            assert_non_null(ret);

+            printf("s1[%d] + s2[%d] resulted in '%s'\n", i, j, ret);

+            assert_string_equal("a,b,c,d", ret);

+            SAFE_FREE(ret);

+        }

+    }

+

+    for (i = 0; i < 6; i++) {

+        for (j = 0; j < 3; j++) {

+            ret = ssh_append_without_duplicates(s1[i], empty[j]);

+            assert_non_null(ret);

+            printf("s1[%d] + empty[%d] resulted in '%s'\n", i, j, ret);

+            assert_string_equal("a,b,c", ret);

+            SAFE_FREE(ret);

+        }

+    }

+

+    for (i = 0; i < 3; i++) {

+        for (j = 0; j < 6; j++) {

+            ret = ssh_append_without_duplicates(empty[i], s1[j]);

+            assert_non_null(ret);

+            printf("empty[%d] + s1[%d] resulted in '%s'\n", i, j, ret);

+            assert_string_equal("a,b,c", ret);

+            SAFE_FREE(ret);

+        }

+    }

+    for (i = 0; i < 4; i++) {

+        for (j = 0; j < 4; j++) {

+            ret = ssh_append_without_duplicates(empty[i], empty[j]);

+            if (ret != NULL) {

+                printf("empty[%d] + empty[%d] resulted in '%s'\n", i, j, ret);

+            }

+            assert_null(ret);

+        }

+    }

+}

+

+

 int torture_run_tests(void)

 {

     int rc;

@@ -153,6 +273,8 @@ int torture_run_tests(void)

         cmocka_unit_test(torture_tokens_sanity),

         cmocka_unit_test(torture_find_matching),

         cmocka_unit_test(torture_find_all_matching),

+        cmocka_unit_test(torture_remove_duplicate),

+        cmocka_unit_test(torture_append_without_duplicate),

     };

     ssh_init();

-- 

2.21.0

From fa3caa61fdb39269cd78c4919df515b71991d231 Mon Sep 17 00:00:00 2001

From: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>

Date: Tue, 2 Jul 2019 13:48:17 +0200

Subject: [PATCH 5/6] knownhosts: Introduced

 ssh_known_hosts_get_algorithms_names()

The added internal function obtain a newly allocated string containing a

list of the signature types that can be generated by the keys present in

the known_hosts files, separated by commas.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>

Reviewed-by: Jakub Jelen <jjelen@redhat.com>

(cherry picked from commit 65a38759ca872e8bec0158ab3676e74b6afd336f)

---

 include/libssh/knownhosts.h                  |   1 +

 src/knownhosts.c                             | 141 +++++++++++++++++++

 tests/unittests/torture_knownhosts_parsing.c |  28 ++++

 3 files changed, 170 insertions(+)

diff --git a/include/libssh/knownhosts.h b/include/libssh/knownhosts.h

index dcaa6c24..44e434c0 100644

--- a/include/libssh/knownhosts.h

+++ b/include/libssh/knownhosts.h

@@ -23,6 +23,7 @@

 #define SSH_KNOWNHOSTS_H_

 struct ssh_list *ssh_known_hosts_get_algorithms(ssh_session session);

+char *ssh_known_hosts_get_algorithms_names(ssh_session session);

 enum ssh_known_hosts_e

 ssh_session_get_known_hosts_entry_file(ssh_session session,

                                        const char *filename,

diff --git a/src/knownhosts.c b/src/knownhosts.c

index 8040a0c0..cf9d8a6b 100644

--- a/src/knownhosts.c

+++ b/src/knownhosts.c

@@ -42,6 +42,7 @@

 #include "libssh/pki.h"

 #include "libssh/dh.h"

 #include "libssh/knownhosts.h"

+#include "libssh/token.h"

 /**

  * @addtogroup libssh_session

@@ -451,6 +452,146 @@ error:

     return NULL;

 }

+/**

+ * @internal

+ *

+ * @brief   Returns a static string containing a list of the signature types the

+ * given key type can generate.

+ *

+ * @returns A static cstring containing the signature types the key is able to

+ * generate separated by commas; NULL in case of error

+ */

+static const char *ssh_known_host_sigs_from_hostkey_type(enum ssh_keytypes_e type)

+{

+    switch (type) {

+    case SSH_KEYTYPE_RSA:

+        return "rsa-sha2-512,rsa-sha2-256,ssh-rsa";

+    case SSH_KEYTYPE_ED25519:

+        return "ssh-ed25519";

+#ifdef HAVE_DSA

+    case SSH_KEYTYPE_DSS:

+        return "ssh-dss";

+#endif

+#ifdef HAVE_ECDH

+    case SSH_KEYTYPE_ECDSA_P256:

+        return "ecdsa-sha2-nistp256";

+    case SSH_KEYTYPE_ECDSA_P384:

+        return "ecdsa-sha2-nistp384";

+    case SSH_KEYTYPE_ECDSA_P521:

+        return "ecdsa-sha2-nistp521";

+#endif

+    case SSH_KEYTYPE_UNKNOWN:

+    default:

+        SSH_LOG(SSH_LOG_WARN, "The given type %d is not a base private key type "

+                "or is unsupported", type);

+        return NULL;

+    }

+}

+

+/**

+ * @internal

+ * @brief Get the host keys algorithms identifiers from the known_hosts files

+ *

+ * This expands the signatures types that can be generated from the keys types

+ * present in the known_hosts files

+ *

+ * @param[in]  session  The ssh session to use.

+ *

+ * @return A newly allocated cstring containing a list of signature algorithms

+ * that can be generated by the host using the keys listed in the known_hosts

+ * files, NULL on error.

+ */

+char *ssh_known_hosts_get_algorithms_names(ssh_session session)

+{

+    char methods_buffer[256 + 1] = {0};

+    struct ssh_list *entry_list = NULL;

+    struct ssh_iterator *it = NULL;

+    char *host_port = NULL;

+    size_t count;

+    bool needcomma = false;

+    char *names;

+

+    int rc;

+

+    if (session->opts.knownhosts == NULL ||

+        session->opts.global_knownhosts == NULL) {

+        if (ssh_options_apply(session) < 0) {

+            ssh_set_error(session,

+                          SSH_REQUEST_DENIED,

+                          "Can't find a known_hosts file");

+

+            return NULL;

+        }

+    }

+

+    host_port = ssh_session_get_host_port(session);

+    if (host_port == NULL) {

+        return NULL;

+    }

+

+    rc = ssh_known_hosts_read_entries(host_port,

+                                      session->opts.knownhosts,

+                                      &entry_list);

+    if (rc != 0) {

+        SAFE_FREE(host_port);

+        ssh_list_free(entry_list);

+        return NULL;

+    }

+

+    rc = ssh_known_hosts_read_entries(host_port,

+                                      session->opts.global_knownhosts,

+                                      &entry_list);

+    SAFE_FREE(host_port);

+    if (rc != 0) {

+        ssh_list_free(entry_list);

+        return NULL;

+    }

+

+    if (entry_list == NULL) {

+        return NULL;

+    }

+

+    count = ssh_list_count(entry_list);

+    if (count == 0) {

+        ssh_list_free(entry_list);

+        return NULL;

+    }

+

+    for (it = ssh_list_get_iterator(entry_list);

+         it != NULL;

+         it = ssh_list_get_iterator(entry_list))

+    {

+        struct ssh_knownhosts_entry *entry = NULL;

+        const char *algo = NULL;

+

+        entry = ssh_iterator_value(struct ssh_knownhosts_entry *, it);

+        algo = ssh_known_host_sigs_from_hostkey_type(entry->publickey->type);

+        if (algo == NULL) {

+            continue;

+        }

+

+        if (needcomma) {

+            strncat(methods_buffer,

+                    ",",

+                    sizeof(methods_buffer) - strlen(methods_buffer) - 1);

+        }

+

+        strncat(methods_buffer,

+                algo,

+                sizeof(methods_buffer) - strlen(methods_buffer) - 1);

+        needcomma = true;

+

+        ssh_knownhosts_entry_free(entry);

+        ssh_list_remove(entry_list, it);

+    }

+

+    ssh_list_free(entry_list);

+

+    names = ssh_remove_duplicates(methods_buffer);

+

+    return names;

+}

+

 /**

  * @brief Parse a line from a known_hosts entry into a structure

  *

diff --git a/tests/unittests/torture_knownhosts_parsing.c b/tests/unittests/torture_knownhosts_parsing.c

index a087caef..6952e858 100644

--- a/tests/unittests/torture_knownhosts_parsing.c

+++ b/tests/unittests/torture_knownhosts_parsing.c

@@ -369,6 +369,31 @@ static void torture_knownhosts_read_file(void **state)

     ssh_list_free(entry_list);

 }

+static void torture_knownhosts_get_algorithms_names(void **state)

+{

+    const char *knownhosts_file = *state;

+    ssh_session session;

+    const char *expect = "ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa";

+    char *names = NULL;

+    bool process_config = false;

+