From a66b4a6eae6614d200a3625862d77565b96a7cd3 Mon Sep 17 00:00:00 2001
From: Norbert Pocs <norbertpocs0@gmail.com>
Date: Wed, 1 Nov 2023 11:24:43 +0100
Subject: [PATCH] CVE-2023-6004: config_parser: Allow multiple '@' in usernames

Signed-off-by: Norbert Pocs <norbertpocs0@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>

CVE: CVE-2023-6004
Upstream-Status: Backport [https://gitlab.com/libssh/libssh-mirror/-/commit/a66b4a6eae6614d200a3625862d77565b96a7cd3]
Signed-off-by: nikhil r <nikhil.r@kpit.com>

---
 src/config_parser.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/config_parser.c b/src/config_parser.c
index 0d988fec0..cf83e2c5e 100644
--- a/src/config_parser.c
+++ b/src/config_parser.c
@@ -180,7 +180,7 @@ int ssh_config_parse_uri(const char *tok,
     }
 
     /* Username part (optional) */
-    endp = strchr(tok, '@');
+    endp = strrchr(tok, '@');
     if (endp != NULL) {
         /* Zero-length username is not valid */
         if (tok == endp) {