blob: 034c51778e492fdb3061d1a2cbb3a84e5887d513 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
|
From 39daba5e247ea495f88b0be82f0b7ebbdbf50fba Mon Sep 17 00:00:00 2001
From: John Thacker <johnthacker@gmail.com>
Date: Sat, 26 Jul 2025 07:10:28 -0400
Subject: [PATCH] ssh: Add a null check
Fix #20642
Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/39daba5e247ea495f88b0be82f0b7ebbdbf50fba]
CVE: CVE-2025-9817
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
---
epan/dissectors/packet-ssh.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/epan/dissectors/packet-ssh.c b/epan/dissectors/packet-ssh.c
index 4f2b0ff..9b3b904 100644
--- a/epan/dissectors/packet-ssh.c
+++ b/epan/dissectors/packet-ssh.c
@@ -2359,6 +2359,10 @@ ssh_kex_shared_secret(gint kex_type, ssh_bignum *pub, ssh_bignum *priv, ssh_bign
}
if(kex_type==SSH_KEX_DH_GEX){
+ if (modulo == NULL) {
+ ws_debug("Missing group modulo");
+ return NULL;
+ }
gcry_mpi_t b = NULL;
gcry_mpi_scan(&b, GCRYMPI_FMT_USG, pub->data, pub->length, NULL);
gcry_mpi_t d = NULL, e = NULL, m = NULL;
--
2.43.0
|
