From 46ce9b29ea1045c0900da979769a8cb0078131df Mon Sep 17 00:00:00 2001
From: JonathanC8 <jonathancammack8@outlook.com>
Date: Mar 04 2024 00:45:27 +0000
Subject: Patched for cve-2023-51385 using upstream patch on version 9.6p1.


---

diff --git a/SOURCES/openssh-9.6p1-upstream-cve-2023-51385.patch b/SOURCES/openssh-9.6p1-upstream-cve-2023-51385.patch
new file mode 100644
index 0000000..5441c38
--- /dev/null
+++ b/SOURCES/openssh-9.6p1-upstream-cve-2023-51385.patch
@@ -0,0 +1,56 @@
+--- ssh.c	2024-03-02 19:08:29.085655690 -0500
++++ ssh.c	2024-03-02 19:14:10.889324532 -0500
+@@ -484,6 +484,41 @@
+ 	}
+ }
+ 
++static int
++valid_hostname(const char *s)
++{
++	size_t i;
++
++	if (*s == '-')
++		return 0;
++	for (i = 0; s[i] != 0; i++) {
++		if (strchr("'`\"$\\;&<>|(){}", s[i]) != NULL ||
++		    isspace((u_char)s[i]) || iscntrl((u_char)s[i]))
++			return 0;
++	}
++	return 1;
++}
++
++static int
++valid_ruser(const char *s)
++{
++	size_t i;
++
++	if (*s == '-')
++		return 0;
++	for (i = 0; s[i] != 0; i++) {
++		if (strchr("'`\";&<>|(){}", s[i]) != NULL)
++			return 0;
++		/* Disallow '-' after whitespace */
++		if (isspace((u_char)s[i]) && s[i + 1] == '-')
++			return 0;
++		/* Disallow \ in last position */
++		if (s[i] == '\\' && s[i + 1] == '\0')
++			return 0;
++	}
++	return 1;
++}
++
+ /* Rewrite the port number in an addrinfo list of addresses */
+ static void
+ set_addrinfo_port(struct addrinfo *addrs, int port)
+@@ -961,6 +996,11 @@
+ 	if (!host)
+ 		usage();
+ 
++	if (!valid_hostname(host))
++		fatal("hostname contains invalid characters");
++	if (options.user != NULL && !valid_ruser(options.user))
++		fatal("remote username contains invalid characters");
++
+ 	host_arg = xstrdup(host);
+ 
+ #ifdef WITH_OPENSSL