From 39daba5e247ea495f88b0be82f0b7ebbdbf50fba Mon Sep 17 00:00:00 2001
From: John Thacker <johnthacker@gmail.com>
Date: Sat, 26 Jul 2025 07:10:28 -0400
Subject: [PATCH] ssh: Add a null check

Fix #20642

Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/39daba5e247ea495f88b0be82f0b7ebbdbf50fba]
CVE: CVE-2025-9817
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
---
 epan/dissectors/packet-ssh.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/epan/dissectors/packet-ssh.c b/epan/dissectors/packet-ssh.c
index 4f2b0ff..9b3b904 100644
--- a/epan/dissectors/packet-ssh.c
+++ b/epan/dissectors/packet-ssh.c
@@ -2359,6 +2359,10 @@ ssh_kex_shared_secret(gint kex_type, ssh_bignum *pub, ssh_bignum *priv, ssh_bign
     }
 
     if(kex_type==SSH_KEX_DH_GEX){
+	if (modulo == NULL) {
+	    ws_debug("Missing group modulo");
+	    return NULL;
+	}
         gcry_mpi_t b = NULL;
         gcry_mpi_scan(&b, GCRYMPI_FMT_USG, pub->data, pub->length, NULL);
         gcry_mpi_t d = NULL, e = NULL, m = NULL;
-- 
2.43.0