From fa902a37aefbe2215654c3f902ee6add1ece0200 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Fri, 10 Mar 2023 16:14:08 +0100
Subject: [PATCH] CVE-2023-1667:packet_cb: Log more verbose error if signature
 verification fails

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
---
 src/packet_cb.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/packet_cb.c b/src/packet_cb.c
index 4107f75f..c53ef1d6 100644
--- a/src/packet_cb.c
+++ b/src/packet_cb.c
@@ -161,6 +161,9 @@ SSH_PACKET_CALLBACK(ssh_packet_newkeys){
                                   session->next_crypto->digest_len);
     SSH_SIGNATURE_FREE(sig);
     if (rc == SSH_ERROR) {
+      ssh_set_error(session,
+                    SSH_FATAL,
+                    "Failed to verify server hostkey signature");
       goto error;
     }
     SSH_LOG(SSH_LOG_DEBUG,"Signature verified and valid");