CVE-2023-1667:packet_cb: Log more verbose error if signature verification fails

Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2025-12-09 15:41:10 +03:00 · 2023-03-10 16:14:08 +01:00
parent df350d3aa4
commit fa902a37ae
1 changed files with 3 additions and 0 deletions
--- a/src/packet_cb.c
+++ b/src/packet_cb.c
@@ -161,6 +161,9 @@ SSH_PACKET_CALLBACK(ssh_packet_newkeys){
                                  session->next_crypto->digest_len);
    SSH_SIGNATURE_FREE(sig);
    if (rc == SSH_ERROR) {
+      ssh_set_error(session,
+                    SSH_FATAL,
+                    "Failed to verify server hostkey signature");
      goto error;
    }
    SSH_LOG(SSH_LOG_DEBUG,"Signature verified and valid");