Add validation for accept request and reply

padelsbach · padelsbach · commit 51f23aad5633 · 2026-03-30T11:41:06.000-07:00
diff --git a/src/internal.c b/src/internal.c
@@ -6539,6 +6539,17 @@ static int DoServiceRequest(WOLFSSH* ssh,
 
     ret = GetString(name, &nameSz, buf, len, idx);
 
+    /* Check if requested service is 'ssh-userauth' */
+    if (ret == WS_SUCCESS) {
+        const char* nameUserAuth = IdToName(ID_SERVICE_USERAUTH);
+        if (nameUserAuth == NULL || XSTRCMP(name, nameUserAuth) != 0) {
+            WLOG(WS_LOG_DEBUG, "Requested unsupported service: %s", name);
+            SendDisconnect(ssh,
+                    WOLFSSH_DISCONNECT_SERVICE_NOT_AVAILABLE);
+            ret = WS_INVALID_STATE_E;
+        }
+    }
+
     if (ret == WS_SUCCESS) {
         WLOG(WS_LOG_DEBUG, "Requesting service: %s", name);
         ssh->clientState = CLIENT_USERAUTH_REQUEST_DONE;
@@ -6557,6 +6568,15 @@ static int DoServiceAccept(WOLFSSH* ssh,
 
     ret = GetString(name, &nameSz, buf, len, idx);
 
+    /* Check if accepted service is 'ssh-userauth' */
+    if (ret == WS_SUCCESS) {
+        const char* nameUserAuth = IdToName(ID_SERVICE_USERAUTH);
+        if (nameUserAuth == NULL || XSTRCMP(name, nameUserAuth) != 0) {
+            WLOG(WS_LOG_DEBUG, "Accepted unexpected service: %s", name);
+            ret = WS_INVALID_STATE_E;
+        }
+    }
+
     if (ret == WS_SUCCESS) {
         WLOG(WS_LOG_DEBUG, "Accepted service: %s", name);
         ssh->serverState = SERVER_USERAUTH_REQUEST_DONE;
