cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: [PATCH] ssh: Handle successful SSH_USERAUTH_NONE

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Tue, 15 Oct 2013 20:54:18 +0200 (CEST)

On Mon, 14 Oct 2013, Tyler Hall wrote:

> According to the documentation for libssh2_userauth_list(), a NULL return
> value is not necessarily an error. You must call
> libssh2_userauth_authenticated() to determine if the SSH_USERAUTH_NONE
> request was successful.
>
> This fixes a segv when using sftp on a server that allows logins with an
> empty password. When NULL was interpreted as an error, it would free the
> session but not flag an error since the libssh2 errno would be clear. This
> resulted in dereferencing a NULL session pointer.

Lovely (and slightly embarrasing that I didn't see this already before since
I'm sure I wrote that part of the libssh2 documentation) !

Thanks a lot, merged and pushed!

-- 
  / daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html
Received on 2013-10-15