File wireshark-0011-CVE-2025-9817.patch of Package wireshark.40451
commit d3db4696f7286b669a04ebfa49a0c5811a1da63f
Author: John Thacker <johnthacker@gmail.com>
Date: Sat Jul 26 11:48:36 2025 +0000
ssh: Add a null check
Fix #20642
(cherry picked from commit 39daba5e247ea495f88b0be82f0b7ebbdbf50fba)
Co-authored-by: John Thacker <johnthacker@gmail.com>
diff --git a/epan/dissectors/packet-ssh.c b/epan/dissectors/packet-ssh.c
index 11c6b597f2..be0b8e71c9 100644
--- a/epan/dissectors/packet-ssh.c
+++ b/epan/dissectors/packet-ssh.c
@@ -2456,6 +2456,10 @@ ssh_kex_shared_secret(int kex_type, ssh_bignum *pub, ssh_bignum *priv, ssh_bignu
}
if(kex_type==SSH_KEX_DH_GEX){
+ if (modulo == NULL) {
+ ws_debug("Missing group modulo");
+ return NULL;
+ }
gcry_mpi_t b = NULL;
gcry_mpi_scan(&b, GCRYMPI_FMT_USG, pub->data, pub->length, NULL);
gcry_mpi_t d = NULL, e = NULL, m = NULL;
