Commit 18e1a302 authored by Nobuhiro Ban's avatar Nobuhiro Ban Committed by Daniel Stenberg

SSH: use the port number as well for known_known checks

... if the libssh2 version is new enough.

Bug: http://curl.haxx.se/bug/view.cgi?id=1448
parent 5d427004
+19 −0
@@ -99,6 +99,13 @@
#  endif
#endif

/* Feature detection based on version numbers to better work with
   non-configure platforms */
#if LIBSSH2_VERSION_NUM >= 0x010206
/* libssh2_knownhost_checkp was added in 1.2.6 */
#define HAVE_LIBSSH2_KNOWNHOST_CHECKP
#endif

#ifndef PATH_MAX
#define PATH_MAX 1024 /* just an extra precaution since there are systems that
                         have their definition hidden well */
@@ -546,6 +553,17 @@ static CURLcode ssh_knownhost(struct connectdata *conn)
      keybit = (keytype == LIBSSH2_HOSTKEY_TYPE_RSA)?
        LIBSSH2_KNOWNHOST_KEY_SSHRSA:LIBSSH2_KNOWNHOST_KEY_SSHDSS;

#ifdef HAVE_LIBSSH2_KNOWNHOST_CHECKP
      keycheck = libssh2_knownhost_checkp(sshc->kh,
                                          conn->host.name,
                                          (conn->remote_port != PORT_SSH)?
                                          conn->remote_port:-1,
                                          remotekey, keylen,
                                          LIBSSH2_KNOWNHOST_TYPE_PLAIN|
                                          LIBSSH2_KNOWNHOST_KEYENC_RAW|
                                          keybit,
                                          &host);
#else
      keycheck = libssh2_knownhost_check(sshc->kh,
                                         conn->host.name,
                                         remotekey, keylen,
@@ -553,6 +571,7 @@ static CURLcode ssh_knownhost(struct connectdata *conn)
                                         LIBSSH2_KNOWNHOST_KEYENC_RAW|
                                         keybit,
                                         &host);
#endif

      infof(data, "SSH host check: %d, key: %s\n", keycheck,
            (keycheck <= LIBSSH2_KNOWNHOST_CHECK_MISMATCH)?
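Review bot: The new `libssh2_knownhost_checkp` call passes `-1` as the port when `conn->remote_port` equals `PORT_SSH`, and nothing in the hunk explains why; a comment such as `/* a negative port makes libssh2 check the plain host name, which is how known_hosts records default-port entries */` above the call would make the intent clear. The `#else` branch still ignores the port, so when built against libssh2 older than 1.2.6 a key recorded for one port on a host is matched for every port on it, which deserves a one-line comment next to the `#else`. The code that stores an accepted key is not visible here, so it is worth confirming that it records the port as well; otherwise entries written by curl may not be the port-specific ones this lookup is meant to use. ssh_knownhost starts and ends outside the hunk.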