| Summary: | sshauthopt_new() call in auth_restrict_session in auth.c has no NULL check | ||
|---|---|---|---|
| Product: | Portable OpenSSH | Reporter: | tess <tessgauthier> |
| Component: | sshd | Assignee: | Assigned to nobody <unassigned-bugs> |
| Status: | CLOSED FIXED | ||
| Severity: | normal | CC: | dtucker |
| Priority: | P5 | ||
| Version: | 9.0p1 | ||
| Hardware: | Other | ||
| OS: | Windows 11 | ||
| Bug Depends on: | |||
| Bug Blocks: | 3418 | ||
Applied, thanks: https://github.com/openssh/openssh-portable/commit/67b7c784769c74fd4d6b147d91e17e1ac1a8a96d Closing bugs from openssh-9.1 release cycle |
sshauthopt_net() is an unguarded null returned reference: void auth_restrict_session(struct ssh *ssh) { struct sshauthopt *restricted; debug_f("restricting session"); /* A blank sshauthopt defaults to permitting nothing */ restricted = sshauthopt_new(); restricted->permit_pty_flag = 1; restricted->restricted = 1; if (auth_activate_options(ssh, restricted) != 0) fatal_f("failed to restrict session"); sshauthopt_free(restricted); }