lib/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2025-10-27 13:52:20 +03:00
Code Activity

CVE-2023-6004: config_parser: Allow multiple '@' in usernames

Browse Source 
Signed-off-by: Norbert Pocs <norbertpocs0@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
This commit is contained in:
Norbert Pocs
2023-11-01 11:24:43 +01:00
committed by Andreas Schneider
parent 57ec9a35c6
commit 1dfde16f49
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/config_parser.c
View File

@@ -180,7 +180,7 @@ int ssh_config_parse_uri(const char *tok,
}
/* Username part (optional) */
endp = strchr(tok, '@');
endp = strrchr(tok, '@');
if (endp != NULL) {
/* Zero-length username is not valid */
if (tok == endp) {