Subject: [libssh2] #169: segmentation fault in pubkey authentication

[libssh2] #169: segmentation fault in pubkey authentication

From: libssh2 Trac <trac_at_libssh2.stuge.se>
Date: Mon, 29 Mar 2010 12:18:05 -0000

#169: segmentation fault in pubkey authentication
-------------------------+--------------------------------------------------
 Reporter: suyogjadhav | Owner:
     Type: defect | Status: new
 Priority: high | Milestone:
Component: API | Version: 1.2.4
 Keywords: | Blocking:
Blockedby: |
-------------------------+--------------------------------------------------
 libssh2 encounter SIGSEGV when null passphrase is passed to
 libssh2_userauth_publickey_fromfile while the passed key requires a valid
 passphrase.

 My application takes these configuration from user,and when passed along
 they cause app to crash.

 The error is traced to passphrase_cb in openssl.c.
 This function does not check for null passphrase and tries to find strlen
 causing the segmentation fault.

 A simple check such as this would suffice,

 passphrase_len = 0;
 if(passphrase != NULL)
 passphrase_len = strlen(passphrase);

-- 
Ticket URL: <http://libssh2.stuge.se/ticket/169>
libssh2 <http://libssh2.stuge.se/>
C library for writing portable SSH2 clients
_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
Received on 2010-03-29