CVE-2023-6004: config_parser: Check for valid syntax of a hostname if it is a domain name

This prevents code injection.
The domain name syntax checker is based on RFC1035.

Signed-off-by: Norbert Pocs <norbertpocs0@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>

src/config_parser.c

@@ -30,6 +30,7 @@
 
 #include "libssh/config_parser.h"
 #include "libssh/priv.h"
+#include "libssh/misc.h"
 
 /* Returns the original string after skipping the leading whitespace
  * until finding LF.
@@ -47,7 +48,7 @@ char *ssh_config_get_cmd(char **str)
             break;
         }
     }
-    
+
     for (r = c; *c; c++) {
         if (*c == '\n') {
             *c = '\0';
@@ -167,6 +168,7 @@ int ssh_config_parse_uri(const char *tok,
 {
     char *endp = NULL;
     long port_n;
+    int rc;
 
     /* Sanitize inputs */
     if (username != NULL) {
@@ -224,6 +226,14 @@ int ssh_config_parse_uri(const char *tok,
         if (*hostname == NULL) {
             goto error;
         }
+        /* if not an ip, check syntax */
+        rc = ssh_is_ipaddr(*hostname);
+        if (rc == 0) {
+            rc = ssh_check_hostname_syntax(*hostname);
+            if (rc != SSH_OK) {
+                goto error;
+            }
+        }
     }
     /* Skip also the closing bracket */
     if (*endp == ']') {