diff options
author | Daniel Stenberg <daniel@haxx.se> | 2022-04-25 11:41:20 +0200 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2022-04-25 11:41:20 +0200 |
commit | ff2f3e836702daa82e2356195482fcc95f4257dc (patch) | |
tree | b6c3c9e5088d9aa228cb8ed8d120acea20a36474 /lib | |
parent | a09a12806e5e6abd9e11f13e8fc061f801a797c8 (diff) | |
download | curl-ff2f3e836702daa82e2356195482fcc95f4257dc.tar.gz |
libssh2: compare sha256 strings case sensitively
Reported-by: Harry Sintonen
Bug: https://hackerone.com/reports/1549435
Closes #8744
Diffstat (limited to 'lib')
-rw-r--r-- | lib/vssh/libssh2.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/lib/vssh/libssh2.c b/lib/vssh/libssh2.c index 24cad59b3..81ee67174 100644 --- a/lib/vssh/libssh2.c +++ b/lib/vssh/libssh2.c @@ -694,12 +694,12 @@ static CURLcode ssh_check_fingerprint(struct Curl_easy *data) * against a known fingerprint, if available. */ if((pub_pos != b64_pos) || - Curl_strncasecompare(fingerprint_b64, pubkey_sha256, pub_pos) != 1) { + strncmp(fingerprint_b64, pubkey_sha256, pub_pos)) { free(fingerprint_b64); failf(data, - "Denied establishing ssh session: mismatch sha256 fingerprint. " - "Remote %s is not equal to %s", fingerprint_b64, pubkey_sha256); + "Denied establishing ssh session: mismatch sha256 fingerprint. " + "Remote %s is not equal to %s", fingerprint_b64, pubkey_sha256); state(data, SSH_SESSION_FREE); sshc->actualcode = CURLE_PEER_FAILED_VERIFICATION; return sshc->actualcode; |