ssh: check md5 fingerprints case insensitively
This commit is contained in:
Kamil Dudka
parent
c8e1922952
commit
2856bdf841
|
|
@ -0,0 +1,33 @@
|
|||
From a57cd03551cb373bd69278d7281026ac147bb4b4 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Stenberg <daniel@haxx.se>
|
||||
Date: Mon, 7 Nov 2016 12:54:40 +0100
|
||||
Subject: [PATCH 1/2] ssh: check md5 fingerprints case insensitively
|
||||
(regression)
|
||||
|
||||
Revert the change from ce8d09483eea but use the new function
|
||||
|
||||
Reported-by: Kamil Dudka
|
||||
Bug: https://github.com/curl/curl/commit/ce8d09483eea2fcb1b50e323e1a8ed1f3613b2e3#commitcomment-19666146
|
||||
|
||||
Upstream-commit: 50aded1cd4bb751cad52c39c4fa1f06ebc5e133e
|
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||
---
|
||||
lib/ssh.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/lib/ssh.c b/lib/ssh.c
|
||||
index 43c8283..0df030d 100644
|
||||
--- a/lib/ssh.c
|
||||
+++ b/lib/ssh.c
|
||||
@@ -676,7 +676,7 @@ static CURLcode ssh_check_fingerprint(struct connectdata *conn)
|
||||
* against a known fingerprint, if available.
|
||||
*/
|
||||
if(pubkey_md5 && strlen(pubkey_md5) == 32) {
|
||||
- if(!fingerprint || strcmp(md5buffer, pubkey_md5)) {
|
||||
+ if(!fingerprint || !strcasecompare(md5buffer, pubkey_md5)) {
|
||||
if(fingerprint)
|
||||
failf(data,
|
||||
"Denied establishing ssh session: mismatch md5 fingerprint. "
|
||||
--
|
||||
2.7.4
|
||||
|
||||
|
|
@ -1,11 +1,14 @@
|
|||
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
|
||||
Name: curl
|
||||
Version: 7.51.0
|
||||
Release: 1%{?dist}
|
||||
Release: 2%{?dist}
|
||||
License: MIT
|
||||
Group: Applications/Internet
|
||||
Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma
|
||||
|
||||
# ssh: check md5 fingerprints case insensitively
|
||||
Patch1: 0001-curl-7.51.0-ssh-md5.patch
|
||||
|
||||
# patch making libcurl multilib ready
|
||||
Patch101: 0101-curl-7.32.0-multilib.patch
|
||||
|
||||
|
|
@ -122,6 +125,7 @@ documentation of the library, too.
|
|||
%setup -q
|
||||
|
||||
# upstream patches
|
||||
%patch1 -p1
|
||||
|
||||
# Fedora patches
|
||||
%patch101 -p1
|
||||
|
|
@ -229,6 +233,9 @@ rm -rf $RPM_BUILD_ROOT
|
|||
%{_datadir}/aclocal/libcurl.m4
|
||||
|
||||
%changelog
|
||||
* Tue Nov 15 2016 Kamil Dudka <kdudka@redhat.com> 7.51.0-2
|
||||
- ssh: check md5 fingerprints case insensitively
|
||||
|
||||
* Wed Nov 02 2016 Kamil Dudka <kdudka@redhat.com> 7.51.0-1
|
||||
- temporarily disable failing libidn2 test-cases
|
||||
- new upstream release, which fixes the following vulnerabilities
|
||||
|
|
|
|||
Loading…
Reference in New Issue