Pedro Monreal Gonzalez
24b9d6f488
- Fix an issue with Encrypt-then-MAC family. [bsc#1221622]
* Test the ETM feature in the remote end's configuration when
receiving data. Upstream issue: #1331.
* Add libssh2_org-ETM-remote.patch
- Always add the KEX pseudo-methods "ext-info-c" and "kex-strict-c-v00@openssh.com"
when configuring custom method list. [bsc#1218971, CVE-2023-48795]
* The strict-kex extension is announced in the list of available
KEX methods. However, when the default KEX method list is modified
or replaced, the extension is not added back automatically.
* Add libssh2_org-CVE-2023-48795-ext.patch
OBS-URL: https://build.opensuse.org/request/show/1164237
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libssh2_org?expand=0&rev=77
27 lines
990 B
Diff
27 lines
990 B
Diff
From bde10825f1271769d56a0e99793da61d37abc23c Mon Sep 17 00:00:00 2001
|
|
From: Josef Cejka <jcejka@suse.com>
|
|
Date: Thu, 28 Mar 2024 23:38:47 +0100
|
|
Subject: [PATCH] transport: check ETM on remote end when receiving (#1332)
|
|
|
|
We should check if encrypt-then-MAC feature is enabled in remote end's
|
|
configuration.
|
|
|
|
Fixes #1331
|
|
---
|
|
src/transport.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/src/transport.c b/src/transport.c
|
|
index 531f5aa15a..af175d3fa1 100644
|
|
--- a/src/transport.c
|
|
+++ b/src/transport.c
|
|
@@ -425,7 +425,7 @@ int _libssh2_transport_read(LIBSSH2_SESSION * session)
|
|
make the checks below work fine still */
|
|
}
|
|
|
|
- etm = encrypted && session->local.mac ? session->local.mac->etm : 0;
|
|
+ etm = encrypted && session->remote.mac ? session->remote.mac->etm : 0;
|
|
|
|
/* read/use a whole big chunk into a temporary area stored in
|
|
the LIBSSH2_SESSION struct. We will decrypt data from that
|