From 6ba5ff1b7b1547a59f750fbc06b89737b7456117 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Thu, 8 Jan 2026 12:09:50 +0100
Subject: [PATCH 05/12] CVE-2026-0966 misc: Avoid heap buffer underflow in
 ssh_get_hexa
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Pavol Žáčik <pzacik@redhat.com>
(cherry picked from commit 417a095e6749a1f3635e02332061edad3c6a3401)

Index: libssh-0.8.7/src/dh.c
===================================================================
--- libssh-0.8.7.orig/src/dh.c
+++ libssh-0.8.7/src/dh.c
@@ -1486,7 +1486,7 @@ char *ssh_get_hexa(const unsigned char *
   size_t i;
   size_t hlen = len * 3;
 
-  if (len > (UINT_MAX - 1) / 3) {
+  if (what == NULL || len < 1 || len > (UINT_MAX - 1) / 3) {
     return NULL;
   }