Ticket #4506: 0001-sftpfs-Don-t-set-preferred-hostkey-methods-too-restr.2.patch

File 0001-sftpfs-Don-t-set-preferred-hostkey-methods-too-restr.2.patch, 2.5 KB (added by andrew_b, 7 months ago)

Modified patch with fixed memory management

  • src/vfs/sftpfs/connection.c

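diff --git a/src/vfs/sftpfs/connection.c b/src/vfs/sftpfs/connection.c
index d2466dedb..ebd9796dd 100644
--- a/src/vfs/sftpfs/connection.c
+++ b/src/vfs/sftpfs/connection.c
@@ -73,7 +73,23 @@
 static const char *const hostkey_method_ssh_ecdsa_256 = "ecdsa-sha2-nistp256";
 static const char *const hostkey_method_ssh_rsa = "ssh-rsa";
 static const char *const hostkey_method_ssh_dss = "ssh-dss";
 
+/* hostkey methods supported by libssh2 1.11.0 */
+static const char *default_hostkey_methods =
+    "ecdsa-sha2-nistp256,"
+    "ecdsa-sha2-nistp384,"
+    "ecdsa-sha2-nistp521,"
+    "ecdsa-sha2-nistp256-cert-v01@openssh.com,"
+    "ecdsa-sha2-nistp384-cert-v01@openssh.com,"
+    "ecdsa-sha2-nistp521-cert-v01@openssh.com,"
+    "ssh-ed25519,"
+    "ssh-ed25519-cert-v01@openssh.com,"
+    "rsa-sha2-256,"
+    "rsa-sha2-512,"
+    "ssh-rsa,"
+    "ssh-rsa-cert-v01@openssh.com,"
+    "ssh-dss";
+
 /**
  *
  * The current implementation of know host key checking has following limitations:
@@ -257,7 +273,9 @@ sftpfs_read_known_hosts (struct vfs_s_super *super, GError ** mcerror)
                 continue;
 
             if (store->name == NULL)
-                found = TRUE;
+                /* Ignore hashed hostnames. Currently, libssh2 offers
+                 * no way for us to match it. */
+                continue;
             else if (store->name[0] != '[')
                 found = strcmp (store->name, super->path_element->host) == 0;
             else
@@ -285,6 +303,7 @@ sftpfs_read_known_hosts (struct vfs_s_super *super, GError ** mcerror)
     {
         int mask;
         const char *hostkey_method = NULL;
+        char *hostkey_methods;
 
         mask = store->typemask & LIBSSH2_KNOWNHOST_KEY_MASK;
 
@@ -326,8 +345,15 @@ sftpfs_read_known_hosts (struct vfs_s_super *super, GError ** mcerror)
             return FALSE;
         }
 
+        /* Append the default hostkey methods (with lower priority).
+         * Since we ignored hashed hostnames, the actual matching host
+         * key might have different type than the one found in
+         * known_hosts for non-hashed hostname. Methods not supported
+         * by libssh2 it are ignored. */
+        hostkey_methods = g_strdup_printf ("%s,%s", hostkey_method, default_hostkey_methods);
         rc = libssh2_session_method_pref (sftpfs_super->session, LIBSSH2_METHOD_HOSTKEY,
-                                          hostkey_method);
+                                          hostkey_methods);
+        g_free (hostkey_methods);
         if (rc < 0)
             goto err;
     }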
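Review bot: In the last hunk the method taken from known_hosts still goes first in `hostkey_methods`, so if an RSA entry maps to `hostkey_method_ssh_rsa` (the switch that sets it is outside the visible hunks) the session keeps preferring the SHA-1 `ssh-rsa` signature even when the server also offers `rsa-sha2-512` or `rsa-sha2-256` for the same key. For the RSA case I would put the SHA-2 variants ahead of it, for example using `"rsa-sha2-512,rsa-sha2-256,ssh-rsa"` as the prefix. Because the appended list lets negotiation settle on a key type other than the stored one, and hashed entries are now skipped in the second hunk, it is worth confirming that the later known-hosts check (not shown) reports a changed key as a mismatch rather than as an unknown host. Two smaller points: `default_hostkey_methods` in the first hunk should be `static const char *const` like the neighbouring `hostkey_method_*` constants, and the new comment should read `by libssh2 are ignored`.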