Auth: fix possible off-by-one

No security impact, only triggable by specific API call
2025-11-29 01:03:57 +03:00 · 2011-09-14 17:28:41 +03:00
parent 49ae226b90
commit 0fa88fdcfe
1 changed files with 2 additions and 2 deletions
--- a/src/auth.c
+++ b/src/auth.c
@@ -2004,7 +2004,7 @@ const char *ssh_userauth_kbdint_getanswer(ssh_session session, unsigned int i) {
                   || session->kbdint->answers == NULL) {
    return NULL;
  }
-  if (i > session->kbdint->nanswers) {
+  if (i >= session->kbdint->nanswers) {
    return NULL;
  }

@@ -2031,7 +2031,7 @@ int ssh_userauth_kbdint_setanswer(ssh_session session, unsigned int i,
  if (session == NULL)
    return -1;
  if (answer == NULL || session->kbdint == NULL ||
-      i > session->kbdint->nprompts) {
+      i >= session->kbdint->nprompts) {
    ssh_set_error_invalid(session, __FUNCTION__);
    return -1;
  }