forked from rpms/openssh
745da74ea2
Resolves: CVE-2023-25136 Remove too aggressive coverity fix causing native tests failure
39 lines
1.2 KiB
Diff
39 lines
1.2 KiB
Diff
diff --git a/compat.c b/compat.c
|
|
index 46dfe3a9c2e..478a9403eea 100644
|
|
--- a/compat.c
|
|
+++ b/compat.c
|
|
@@ -190,26 +190,26 @@ compat_pkalg_proposal(struct ssh *ssh, char *pkalg_prop)
|
|
char *
|
|
compat_kex_proposal(struct ssh *ssh, char *p)
|
|
{
|
|
- char *cp = NULL;
|
|
+ char *cp = NULL, *cp2 = NULL;
|
|
|
|
if ((ssh->compat & (SSH_BUG_CURVE25519PAD|SSH_OLD_DHGEX)) == 0)
|
|
return xstrdup(p);
|
|
debug2_f("original KEX proposal: %s", p);
|
|
if ((ssh->compat & SSH_BUG_CURVE25519PAD) != 0)
|
|
- if ((p = match_filter_denylist(p,
|
|
+ if ((cp = match_filter_denylist(p,
|
|
"curve25519-sha256@libssh.org")) == NULL)
|
|
fatal("match_filter_denylist failed");
|
|
if ((ssh->compat & SSH_OLD_DHGEX) != 0) {
|
|
- cp = p;
|
|
- if ((p = match_filter_denylist(p,
|
|
+ if ((cp2 = match_filter_denylist(cp ? cp : p,
|
|
"diffie-hellman-group-exchange-sha256,"
|
|
"diffie-hellman-group-exchange-sha1")) == NULL)
|
|
fatal("match_filter_denylist failed");
|
|
free(cp);
|
|
+ cp = cp2;
|
|
}
|
|
- debug2_f("compat KEX proposal: %s", p);
|
|
- if (*p == '\0')
|
|
+ if (cp == NULL || *cp == '\0')
|
|
fatal("No supported key exchange algorithms found");
|
|
- return p;
|
|
+ debug2_f("compat KEX proposal: %s", cp);
|
|
+ return cp;
|
|
}
|
|
|