[Bug 2539] Add missing sanity check for read_passphrase() in auth-pam.c

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Mon Feb 15 10:16:46 AEDT 2016


https://bugzilla.mindrot.org/show_bug.cgi?id=2539

Darren Tucker <dtucker at zip.com.au> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
                 CC|                            |dtucker at zip.com.au
         Resolution|---                         |INVALID

--- Comment #1 from Darren Tucker <dtucker at zip.com.au> ---
(In reply to Bill Parker from comment #0)
> 	In reviewing code in OpenSSH-7.1p2, it would appear in file
> 'auth-pam.c',
> function 'sshpam_tty_conv()', there is a call to read_passphrase()
> which is not checked for a return value of NULL, indicating failure.
> The patch file below should address/correct this issue:
[...]
>                         reply[i].resp =
>                             read_passphrase(PAM_MSG_MEMBER(msg, i,
> msg),
>                             RP_ALLOW_STDIN);
> +                       if (reply[i].resp == NULL)
> +                               goto fail;

Thanks, but read_passphrase() can only return NULL if given the
RP_ALLOW_EOF flag which this code doesn't, so in this case it's
guaranteed to be non-NULL.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.


More information about the openssh-bugs mailing list