commit 247f6291b0ec7f43ba5a4c7521161372835d634d
Author: Daniel Stenberg
Date: Mon May 9 23:13:53 2022 +0200
[Backport] url: check SSH config match on connection reuse
Offering: RTOS
CVE: CVE-2022-27782
Reference: upstream_commit_id=1645e9b44505abd5cbaf65da5282c3f33b5924a5
DTS/AR: DTS2022051305556
type: LTS
reason: fix CVE-2022-27782 for curl.
weblink:https://github.com/curl/curl/commit/1645e9b44505abd5cbaf65da5282c3f33b5924a5
CVE-2022-27782
Reported-by: Harry Sintonen
Bug: https://curl.se/docs/CVE-2022-27782.html
Closes #8825
Signed-off-by: jiahuasheng
diff --git a/lib/url.c b/lib/url.c
index fcebb62bb..0d74884c9 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -1089,6 +1089,12 @@ static void prune_dead_connections(struct Curl_easy *data)
 }
 }
+static bool ssh_config_matches(struct connectdata *one,
+ struct connectdata *two)
+{
+ return (Curl_safecmp(one->proto.sshc.rsa, two->proto.sshc.rsa) &&
+ Curl_safecmp(one->proto.sshc.rsa_pub, two->proto.sshc.rsa_pub));
+}
 /*
 * Given one filled in connection struct (named needle), this function should
 * detect if there already is one that has all the significant details
@@ -1348,6 +1354,11 @@ ConnectionExists(struct Curl_easy *data,
 (data->state.httpwant < CURL_HTTP_VERSION_2_0))
 continue;
+ if(get_protocol_family(needle->handler) == PROTO_FAMILY_SSH) {
+ if(!ssh_config_matches(needle, check))
+ continue;
+ }
+
 if((needle->handler->flags&PROTOPT_SSL)
 #ifndef CURL_DISABLE_PROXY
 || !needle->bits.httpproxy || needle->bits.tunnel_proxy
diff --git a/lib/vssh/ssh.h b/lib/vssh/ssh.h
index 7972081ec..30d82e576 100644
--- a/lib/vssh/ssh.h
+++ b/lib/vssh/ssh.h
@@ -7,7 +7,7 @@
 * | (__| |_| | _ <| |___
 * \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2021, Daniel Stenberg, , et al.
+ * Copyright (C) 1998 - 2022, Daniel Stenberg, , et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
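Review bot: ssh_config_matches has no comment saying what "config" it actually compares, which matters because a reader of ConnectionExists will assume every SSH-relevant option is covered when only the two key-file paths are; a header such as `/* TRUE when both connections use the same private and public key files; a cached SSH connection authenticated with other keys must never be reused (CVE-2022-27782) */` would make the scope explicit. The helper relies on Curl_safecmp, which this diff does not introduce, so the target LTS branch must already provide it — presumably the NULL-tolerant string compare from lib/strcase.c, where two NULL paths count as equal; worth confirming on the branch rather than assuming. Note that the nesting of the two braces in the return expression is the only thing giving the reader the &&-of-two-compares structure, so keep the parentheses if this is ever restyled.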
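Review bot: The new SSH check in ConnectionExists compares needle->proto.sshc.rsa and rsa_pub against the cached connection, but nothing on this page shows where those fields of the freshly built needle are populated before ConnectionExists runs; the ssh.h comment change to "strdup'ed ... key file" suggests the upstream companion changes in the vssh backends set them at connection setup and keep them for the connection's lifetime, and if this backport omits those the comparison sees the same value (likely NULL) on both sides and the reuse check becomes a no-op while the CVE stays open. Please verify the backport carries the backend-side population and matching frees, and that the check is exercised by a test that reuses a host with a different key file. As a point of style the nested form can be one guard, consistent with the surrounding `continue` checks: `if((get_protocol_family(needle->handler) == PROTO_FAMILY_SSH) && !ssh_config_matches(needle, check)) continue;`. ConnectionExists begins and ends outside this hunk.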
@@ -131,8 +131,8 @@ struct ssh_conn {
 /* common */
 const char *passphrase; /* pass-phrase to use */
- char *rsa_pub; /* path name */
- char *rsa; /* path name */
+ char *rsa_pub; /* strdup'ed public key file */
+ char *rsa; /* strdup'ed private key file */
 bool authed; /* the connection has been authenticated fine */
 bool acceptfail; /* used by the SFTP_QUOTE (continue if quote command fails) */