CVE-2023-48795: Server side mitigations

Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2025-12-12 15:41:16 +03:00 · 2023-12-12 23:30:26 +01:00
parent 7ecc6a704b
commit 3876976ced
3 changed files with 44 additions and 11 deletions
--- a/src/server.c
+++ b/src/server.c
@@ -187,7 +187,13 @@ int server_set_kex(ssh_session session)
        }
    }

-    return 0;
+    /* Do not append the extensions during rekey */
+    if (session->flags & SSH_SESSION_FLAG_AUTHENTICATED) {
+        return SSH_OK;
+    }
+
+    rc = ssh_kex_append_extensions(session, server);
+    return rc;
 }

 int ssh_server_init_kex(ssh_session session) {