[Bug 3425] New: sshauthopt_new() call in auth_restrict_session in auth.c has no NULL check

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Fri Apr 22 05:01:47 AEST 2022


https://bugzilla.mindrot.org/show_bug.cgi?id=3425

            Bug ID: 3425
           Summary: sshauthopt_new() call in auth_restrict_session in
                    auth.c has no NULL check
           Product: Portable OpenSSH
           Version: v9.0p1
          Hardware: Other
                OS: Windows 11
            Status: NEW
          Severity: normal
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: tessgauthier at microsoft.com

sshauthopt_net() is an unguarded null returned reference:

void
auth_restrict_session(struct ssh *ssh)
{
        struct sshauthopt *restricted;

        debug_f("restricting session");

        /* A blank sshauthopt defaults to permitting nothing */
        restricted = sshauthopt_new();
        restricted->permit_pty_flag = 1;
        restricted->restricted = 1;

        if (auth_activate_options(ssh, restricted) != 0)
                fatal_f("failed to restrict session");
        sshauthopt_free(restricted);
}

-- 
You are receiving this mail because:
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list