libssh2: compare sha256 strings case sensitively

Reported-by: Harry Sintonen Bug: https://hackerone.com/reports/1549435 Closes #8744
author: Daniel Stenberg <daniel@haxx.se> 2022-04-25 11:41:20 +0200
committer: Daniel Stenberg <daniel@haxx.se> 2022-04-25 11:41:20 +0200
commit: ff2f3e836702daa82e2356195482fcc95f4257dc (patch)
tree: b6c3c9e5088d9aa228cb8ed8d120acea20a36474 /lib/vssh
parent: a09a12806e5e6abd9e11f13e8fc061f801a797c8 (diff)
download: curl-ff2f3e836702daa82e2356195482fcc95f4257dc.tar.gz
1 files changed, 3 insertions, 3 deletions
diff --git a/lib/vssh/libssh2.c b/lib/vssh/libssh2.c
index 24cad59b3..81ee67174 100644
--- a/lib/vssh/libssh2.c
+++ b/lib/vssh/libssh2.c
@@ -694,12 +694,12 @@ static CURLcode ssh_check_fingerprint(struct Curl_easy *data)
      * against a known fingerprint, if available.
      */
     if((pub_pos != b64_pos) ||
-        Curl_strncasecompare(fingerprint_b64, pubkey_sha256, pub_pos) != 1) {
+       strncmp(fingerprint_b64, pubkey_sha256, pub_pos)) {
       free(fingerprint_b64);
 
       failf(data,
-          "Denied establishing ssh session: mismatch sha256 fingerprint. "
-          "Remote %s is not equal to %s", fingerprint_b64, pubkey_sha256);
+            "Denied establishing ssh session: mismatch sha256 fingerprint. "
+            "Remote %s is not equal to %s", fingerprint_b64, pubkey_sha256);
       state(data, SSH_SESSION_FREE);
       sshc->actualcode = CURLE_PEER_FAILED_VERIFICATION;
       return sshc->actualcode;
author	Daniel Stenberg <daniel@haxx.se>	2022-04-25 11:41:20 +0200
committer	Daniel Stenberg <daniel@haxx.se>	2022-04-25 11:41:20 +0200
commit	ff2f3e836702daa82e2356195482fcc95f4257dc (patch)
tree	b6c3c9e5088d9aa228cb8ed8d120acea20a36474 /lib/vssh
parent	a09a12806e5e6abd9e11f13e8fc061f801a797c8 (diff)
download	curl-ff2f3e836702daa82e2356195482fcc95f4257dc.tar.gz