
keyb-interactive: allow zero length fields

Allow zero length fields so they don't cause malloc(0) calls

Avoid free()ing NULL pointers

Avoid a malloc of a fixed 5 byte buffer.
Daniel Stenberg
2011-05-31 23:33:56 +02:00
parent 0723dab4d7
commit 566894494b


@@ -1447,7 +1447,6 @@ userauth_keyboard_interactive(LIBSSH2_SESSION * session,
} }
/* server requested PAM-like conversation */ /* server requested PAM-like conversation */
s = session->userauth_kybd_data + 1; s = session->userauth_kybd_data + 1;
/* string name (ISO-10646 UTF-8) */ /* string name (ISO-10646 UTF-8) */
@@ -1472,23 +1471,26 @@ userauth_keyboard_interactive(LIBSSH2_SESSION * session,
/* string instruction (ISO-10646 UTF-8) */ /* string instruction (ISO-10646 UTF-8) */
session->userauth_kybd_auth_instruction_len = _libssh2_ntohu32(s); session->userauth_kybd_auth_instruction_len = _libssh2_ntohu32(s);
s += 4; s += 4;
session->userauth_kybd_auth_instruction = if(session->userauth_kybd_auth_instruction_len) {
LIBSSH2_ALLOC(session, session->userauth_kybd_auth_instruction =
session->userauth_kybd_auth_instruction_len); LIBSSH2_ALLOC(session,
if (!session->userauth_kybd_auth_instruction) { session->userauth_kybd_auth_instruction_len);
_libssh2_error(session, LIBSSH2_ERROR_ALLOC, if (!session->userauth_kybd_auth_instruction) {
"Unable to allocate memory for " _libssh2_error(session, LIBSSH2_ERROR_ALLOC,
"keyboard-interactive 'instruction' " "Unable to allocate memory for "
"request field"); "keyboard-interactive 'instruction' "
goto cleanup; "request field");
goto cleanup;
}
memcpy(session->userauth_kybd_auth_instruction, s,
session->userauth_kybd_auth_instruction_len);
s += session->userauth_kybd_auth_instruction_len;
} }
memcpy(session->userauth_kybd_auth_instruction, s,
session->userauth_kybd_auth_instruction_len);
s += session->userauth_kybd_auth_instruction_len;
/* string language tag (as defined in [RFC-3066]) */ /* string language tag (as defined in [RFC-3066]) */
language_tag_len = _libssh2_ntohu32(s); language_tag_len = _libssh2_ntohu32(s);
s += 4; s += 4;
/* ignoring this field as deprecated */ /* ignoring this field as deprecated */
s += language_tag_len; s += language_tag_len;
@@ -1496,53 +1498,56 @@ userauth_keyboard_interactive(LIBSSH2_SESSION * session,
session->userauth_kybd_num_prompts = _libssh2_ntohu32(s); session->userauth_kybd_num_prompts = _libssh2_ntohu32(s);
s += 4; s += 4;
session->userauth_kybd_prompts = if(session->userauth_kybd_num_prompts) {
LIBSSH2_ALLOC(session, session->userauth_kybd_prompts =
sizeof(LIBSSH2_USERAUTH_KBDINT_PROMPT) *
session->userauth_kybd_num_prompts);
if (!session->userauth_kybd_prompts) {
_libssh2_error(session, LIBSSH2_ERROR_ALLOC,
"Unable to allocate memory for "
"keyboard-interactive prompts array");
goto cleanup;
}
memset(session->userauth_kybd_prompts, 0,
sizeof(LIBSSH2_USERAUTH_KBDINT_PROMPT) *
session->userauth_kybd_num_prompts);
session->userauth_kybd_responses =
LIBSSH2_ALLOC(session,
sizeof(LIBSSH2_USERAUTH_KBDINT_RESPONSE) *
session->userauth_kybd_num_prompts);
if (!session->userauth_kybd_responses) {
_libssh2_error(session, LIBSSH2_ERROR_ALLOC,
"Unable to allocate memory for "
"keyboard-interactive responses array");
goto cleanup;
}
memset(session->userauth_kybd_responses, 0,
sizeof(LIBSSH2_USERAUTH_KBDINT_RESPONSE) *
session->userauth_kybd_num_prompts);
for(i = 0; i != session->userauth_kybd_num_prompts; ++i) {
/* string prompt[1] (ISO-10646 UTF-8) */
session->userauth_kybd_prompts[i].length = _libssh2_ntohu32(s);
s += 4;
session->userauth_kybd_prompts[i].text =
LIBSSH2_ALLOC(session, LIBSSH2_ALLOC(session,
session->userauth_kybd_prompts[i].length); sizeof(LIBSSH2_USERAUTH_KBDINT_PROMPT) *
if (!session->userauth_kybd_prompts[i].text) { session->userauth_kybd_num_prompts);
if (!session->userauth_kybd_prompts) {
_libssh2_error(session, LIBSSH2_ERROR_ALLOC, _libssh2_error(session, LIBSSH2_ERROR_ALLOC,
"Unable to allocate memory for " "Unable to allocate memory for "
"keyboard-interactive prompt message"); "keyboard-interactive prompts array");
goto cleanup; goto cleanup;
} }
memcpy(session->userauth_kybd_prompts[i].text, s, memset(session->userauth_kybd_prompts, 0,
session->userauth_kybd_prompts[i].length); sizeof(LIBSSH2_USERAUTH_KBDINT_PROMPT) *
s += session->userauth_kybd_prompts[i].length; session->userauth_kybd_num_prompts);
/* boolean echo[1] */ session->userauth_kybd_responses =
session->userauth_kybd_prompts[i].echo = *s++; LIBSSH2_ALLOC(session,
sizeof(LIBSSH2_USERAUTH_KBDINT_RESPONSE) *
session->userauth_kybd_num_prompts);
if (!session->userauth_kybd_responses) {
_libssh2_error(session, LIBSSH2_ERROR_ALLOC,
"Unable to allocate memory for "
"keyboard-interactive responses array");
goto cleanup;
}
memset(session->userauth_kybd_responses, 0,
sizeof(LIBSSH2_USERAUTH_KBDINT_RESPONSE) *
session->userauth_kybd_num_prompts);
for(i = 0; i != session->userauth_kybd_num_prompts; ++i) {
/* string prompt[1] (ISO-10646 UTF-8) */
session->userauth_kybd_prompts[i].length =
_libssh2_ntohu32(s);
s += 4;
session->userauth_kybd_prompts[i].text =
LIBSSH2_ALLOC(session,
session->userauth_kybd_prompts[i].length);
if (!session->userauth_kybd_prompts[i].text) {
_libssh2_error(session, LIBSSH2_ERROR_ALLOC,
"Unable to allocate memory for "
"keyboard-interactive prompt message");
goto cleanup;
}
memcpy(session->userauth_kybd_prompts[i].text, s,
session->userauth_kybd_prompts[i].length);
s += session->userauth_kybd_prompts[i].length;
/* boolean echo[1] */
session->userauth_kybd_prompts[i].echo = *s++;
}
} }
response_callback(session->userauth_kybd_auth_name, response_callback(session->userauth_kybd_auth_name,
@@ -1558,11 +1563,6 @@ userauth_keyboard_interactive(LIBSSH2_SESSION * session,
"Keyboard-interactive response callback function" "Keyboard-interactive response callback function"
" invoked"); " invoked");
session->userauth_kybd_packet_len =
1 /* byte SSH_MSG_USERAUTH_INFO_RESPONSE */
+ 4 /* int num-responses */
;
for(i = 0; i != session->userauth_kybd_num_prompts; ++i) { for(i = 0; i != session->userauth_kybd_num_prompts; ++i) {
/* string response[1] (ISO-10646 UTF-8) */ /* string response[1] (ISO-10646 UTF-8) */
session->userauth_kybd_packet_len += session->userauth_kybd_packet_len +=
@@ -1572,15 +1572,10 @@ userauth_keyboard_interactive(LIBSSH2_SESSION * session,
/* A new userauth_kybd_data area is to be allocated, free the /* A new userauth_kybd_data area is to be allocated, free the
former one. */ former one. */
LIBSSH2_FREE(session, session->userauth_kybd_data); LIBSSH2_FREE(session, session->userauth_kybd_data);
session->userauth_kybd_data = NULL;
session->userauth_kybd_data = s = /* get a pointer to the storage buffer that fits 5 bytes */
LIBSSH2_ALLOC(session, session->userauth_kybd_packet_len); s = &session->userauth_buf[0];
if (!s) {
_libssh2_error(session, LIBSSH2_ERROR_ALLOC,
"Unable to allocate memory for keyboard-"
"interactive response packet");
goto cleanup;
}
*s = SSH_MSG_USERAUTH_INFO_RESPONSE; *s = SSH_MSG_USERAUTH_INFO_RESPONSE;
s++; s++;
@@ -1596,13 +1591,12 @@ userauth_keyboard_interactive(LIBSSH2_SESSION * session,
} }
if (session->userauth_kybd_state == libssh2_NB_state_sent1) { if (session->userauth_kybd_state == libssh2_NB_state_sent1) {
rc = _libssh2_transport_send(session, session->userauth_kybd_data, rc = _libssh2_transport_send(session, session->userauth_buf,
session->userauth_kybd_packet_len, sizeof(session->userauth_buf),
NULL, 0); NULL, 0);
if (rc == LIBSSH2_ERROR_EAGAIN) { if (rc == LIBSSH2_ERROR_EAGAIN)
return _libssh2_error(session, LIBSSH2_ERROR_EAGAIN, return _libssh2_error(session, LIBSSH2_ERROR_EAGAIN,
"Would block"); "Would block");
}
if (rc) { if (rc) {
_libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND, _libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND,
"Unable to send userauth-keyboard-interactive" "Unable to send userauth-keyboard-interactive"
@@ -1637,14 +1631,22 @@ userauth_keyboard_interactive(LIBSSH2_SESSION * session,
} }
} }
LIBSSH2_FREE(session, session->userauth_kybd_prompts); if(session->userauth_kybd_prompts) {
session->userauth_kybd_prompts = NULL; LIBSSH2_FREE(session, session->userauth_kybd_prompts);
LIBSSH2_FREE(session, session->userauth_kybd_responses); session->userauth_kybd_prompts = NULL;
session->userauth_kybd_responses = NULL; }
LIBSSH2_FREE(session, session->userauth_kybd_auth_name); if(session->userauth_kybd_responses) {
session->userauth_kybd_auth_name = NULL; LIBSSH2_FREE(session, session->userauth_kybd_responses);
LIBSSH2_FREE(session, session->userauth_kybd_auth_instruction); session->userauth_kybd_responses = NULL;
session->userauth_kybd_auth_instruction = NULL; }
if(session->userauth_kybd_auth_name) {
LIBSSH2_FREE(session, session->userauth_kybd_auth_name);
session->userauth_kybd_auth_name = NULL;
}
if(session->userauth_kybd_auth_instruction) {
LIBSSH2_FREE(session, session->userauth_kybd_auth_instruction);
session->userauth_kybd_auth_instruction = NULL;
}
if (session->userauth_kybd_auth_failure) { if (session->userauth_kybd_auth_failure) {
session->userauth_kybd_state = libssh2_NB_state_idle; session->userauth_kybd_state = libssh2_NB_state_idle;
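Review bot: In the hunks at -1472 and -1496, every length (`userauth_kybd_auth_instruction_len`, `language_tag_len`, `userauth_kybd_num_prompts`, each `userauth_kybd_prompts[i].length`) is read from the server's packet with `_libssh2_ntohu32(s)` and then used for `LIBSSH2_ALLOC`, `memcpy` and `s +=` without being compared to the bytes remaining in `userauth_kybd_data`, so a malformed request can make the copies read past the received buffer; the new `if(len)` guards do not change that. Each field should get a remaining-length check before it is consumed, for example `if(len > (size_t)(end - s)) goto cleanup;` with `end` (a name constructed for this note) pointing one past the packet, and `sizeof(LIBSSH2_USERAUTH_KBDINT_PROMPT) * session->userauth_kybd_num_prompts` should be checked for overflow before the allocation. The per-prompt `LIBSSH2_ALLOC(session, session->userauth_kybd_prompts[i].length)` inside the loop is also still unguarded for a zero length, which is the case this commit sets out to handle. The enclosing function starts and ends outside the hunks shown, so whether an earlier length check exists cannot be confirmed from this page.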