From: Jakub Witczak <kuba@erlang.org>
Date: Fri, 27 Jan 2023 17:13:31 +0100
Subject: [PATCH] ssh: reduce log length
origin: backport, https://github.com/erlang/otp/commit/e93e40cf8150539338e7320b9fd9bad825b0a6d0
bug: https://github.com/erlang/otp/security/advisories/GHSA-vvr3-fjhh-cfwc
bug-debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101713
---
lib/ssh/src/ssh_connection_handler.erl | 19 ++++++++++++-------
1 file changed, 12 insertions(+), 7 deletions(-)
diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl
index 53b7d5c..b8c89b8 100644
--- a/lib/ssh/src/ssh_connection_handler.erl
+++ b/lib/ssh/src/ssh_connection_handler.erl
@@ -1504,8 +1504,10 @@ handle_event(info, {Proto, Sock, Info}, {hello,_}, #data{socket = Sock,
end;
-handle_event(info, {Proto, Sock, NewData}, StateName, D0 = #data{socket = Sock,
- transport_protocol = Proto}) ->
+handle_event(info, {Proto, Sock, NewData}, StateName,
+ D0 = #data{socket = Sock,
+ transport_protocol = Proto,
+ ssh_params = SshParams}) ->
try ssh_transport:handle_packet_part(
D0#data.decrypted_data_buffer,
<<(D0#data.encrypted_data_buffer)/binary, NewData/binary>>,
@@ -1549,10 +1551,11 @@ handle_event(info, {Proto, Sock, NewData}, StateName, D0 = #data{socket = Sock,
]}
catch
C:E:ST ->
- {Shutdown, D} =
+ MaxLogItemLen = ?GET_OPT(max_log_item_len,SshParams#ssh.opts),
+ {Shutdown, D} =
?send_disconnect(?SSH_DISCONNECT_PROTOCOL_ERROR,
- io_lib:format("Bad packet: Decrypted, but can't decode~n~p:~p~n~p",
- [C,E,ST]),
+ io_lib:format("Bad packet: Decrypted, but can't decode~n~p:~p~n~P",
+ [C,E,ST,MaxLogItemLen]),
StateName, D1),
{stop, Shutdown, D}
end;
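Review bot: The exception reason `E` is still formatted with an unbounded `~p` in the new format string; only the stack trace `ST` gets the `max_log_item_len` depth limit. A decode failure may carry the offending term inside `E` (for example a `badmatch` or `case_clause` on peer-supplied data; this is inferred, the decoding code is not visible here), so the size of the message would remain influenced by the peer. Consider bounding both, `io_lib:format("Bad packet: Decrypted, but can't decode~n~p:~P~n~P", [C,E,MaxLogItemLen,ST,MaxLogItemLen])`. The same applies to the "Couldn't decrypt" clause in the next hunk. The enclosing `handle_event` clause starts and ends outside this hunk.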
@@ -1583,9 +1586,11 @@ handle_event(info, {Proto, Sock, NewData}, StateName, D0 = #data{socket = Sock,
{stop, Shutdown, D}
catch
C:E:ST ->
- {Shutdown, D} =
+ MaxLogItemLen = ?GET_OPT(max_log_item_len,SshParams#ssh.opts),
+ {Shutdown, D} =
?send_disconnect(?SSH_DISCONNECT_PROTOCOL_ERROR,
- io_lib:format("Bad packet: Couldn't decrypt~n~p:~p~n~p",[C,E,ST]),
+ io_lib:format("Bad packet: Couldn't decrypt~n~p:~p~n~P",
+ [C,E,ST,MaxLogItemLen]),
StateName, D0),
{stop, Shutdown, D}
end;
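Review bot: The `?GET_OPT(max_log_item_len,SshParams#ssh.opts)` lookup runs inside the `catch` clause, here and in the previous hunk, so a failure in the lookup or in the formatting would raise a second exception in place of the intended disconnect. The diffstat shows that this backport touches only ssh_connection_handler.erl, so it is worth confirming that the `max_log_item_len` option and its default already exist in this tree's option table, and that its value is always an integer, since `~P` takes an integer depth. A short comment above the lookup would also help, e.g. `%% Depth limit for ~P: the failing packet comes from the peer, so bound what gets formatted`. The body of this clause begins outside the hunk.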