killercd/CVE-2026-35414
GitHub: killercd/CVE-2026-35414
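Demonstrates the cause of an authentication bypass in OpenSSH SSH certificate authentication, where the match_principals_option function relies on pattern matching, and the fix that uses strict string comparison.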
# CVE-2026-35414
CVE-2026-35414 vulnerable code block
## auth2-pubkeyfile.c (vulnerable)
```
static int
match_principals_option(const char *principal_list, struct sshkey_cert *cert)
{
	char *result;
	u_int i;

	/* XXX percent_expand() sequences for authorized_principals? */
	for (i = 0; i < cert->nprincipals; i++) {
		/*
		 * match_list() treats both of its arguments as
		 * comma-separated lists, so the certificate principal is
		 * split as well instead of being compared as one string.
		 */
		if ((result = match_list(cert->principals[i],
		    principal_list, NULL)) != NULL) {
			debug3("matched principal from key options \"%.100s\"",
			    result);
			free(result);
			return 1;
		}
	}
	return 0;
}
```
## auth2-pubkeyfile.c (fixed)
```
static int
match_principals_option(const char *principal_list, struct sshkey_cert *cert)
{
	char *list, *olist, *entry;
	u_int i;

	/* Work on a copy: strsep() modifies the string it walks. */
	olist = list = xstrdup(principal_list);
	for (;;) {
		/* Only the option list is split on ','. */
		if ((entry = strsep(&list, ",")) == NULL || *entry == '\0')
			break;
		for (i = 0; i < cert->nprincipals; i++) {
			/* Each certificate principal is compared whole. */
			if (strcmp(entry, cert->principals[i]) == 0) {
				debug3("matched principal from key i"
				    "options \"%.100s\"", entry);
				free(olist);
				return 1;
			}
		}
	}
	free(olist);
	return 0;
}
```
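The difference between the two versions can be pinned down as a regression check. The following is an added example, not code from this repository or from OpenSSH: `overlap_match` is a simplified stand-in that assumes `match_list()` returns the first item common to two comma-separated lists, `strict_match` follows the fixed loop, and the principal names are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Return 1 if item[0..n) equals one comma-separated entry of list.
 * Like the fixed loop, scanning stops at the first empty entry. */
static int entry_in_list(const char *list, const char *item, size_t n)
{
	while (*list != '\0') {
		size_t len = strcspn(list, ",");
		if (len == 0)
			break;
		if (len == n && memcmp(list, item, n) == 0)
			return 1;
		list += len;
		if (*list == ',')
			list++;
	}
	return 0;
}

/* Fixed behaviour: the certificate principal is compared as one whole string. */
static int strict_match(const char *option_list, const char *cert_principal)
{
	return entry_in_list(option_list, cert_principal, strlen(cert_principal));
}

/* Stand-in (assumption) for the vulnerable call: the certificate principal
 * is also split on ',' and any fragment equal to an option entry matches. */
static int overlap_match(const char *option_list, const char *cert_principal)
{
	const char *p = cert_principal;

	while (*p != '\0') {
		size_t len = strcspn(p, ",");
		if (len == 0)
			break;
		if (entry_in_list(option_list, p, len))
			return 1;
		p += len;
		if (*p == ',')
			p++;
	}
	return 0;
}

int main(void)
{
	/* Constructed values: option list "alice,bob", principal "carol,bob". */
	printf("overlap=%d strict=%d\n",
	    overlap_match("alice,bob", "carol,bob"),
	    strict_match("alice,bob", "carol,bob"));
	return 0;
}
```

A principal string that contains a comma is the case a test suite for the fix should keep: the two functions agree on every comma-free principal and differ only there.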