3425 – sshauthopt_new() call in auth_restrict_session in auth.c has no NULL check

Bug 3425 - sshauthopt_new() call in auth_restrict_session in auth.c has no NULL check

Summary: sshauthopt_new() call in auth_restrict_session in auth.c has no NULL check

Status:	CLOSED FIXED

Alias:	None

Product:	Portable OpenSSH
Classification:	Unclassified
Component:	sshd (show other bugs)
Version:	9.0p1
Hardware:	Other Windows 11

Importance:	P5 normal
Assignee:	Assigned to nobody

URL:
Keywords:

Depends on:
Blocks:	V_9_1
	Show dependency tree / graph

Reported:	2022-04-22 05:01 AEST by tess
Modified:	2022-10-04 21:58 AEDT (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description tess 2022-04-22 05:01:47 AEST

sshauthopt_net() is an unguarded null returned reference:

void
auth_restrict_session(struct ssh *ssh)
{
	struct sshauthopt *restricted;

	debug_f("restricting session");

	/* A blank sshauthopt defaults to permitting nothing */
	restricted = sshauthopt_new();
	restricted->permit_pty_flag = 1;
	restricted->restricted = 1;

	if (auth_activate_options(ssh, restricted) != 0)
		fatal_f("failed to restrict session");
	sshauthopt_free(restricted);
}

Comment 1 Darren Tucker 2022-04-29 13:30:46 AEST

Applied, thanks: https://github.com/openssh/openssh-portable/commit/67b7c784769c74fd4d6b147d91e17e1ac1a8a96d

Comment 2 Damien Miller 2022-10-04 21:58:53 AEDT

Closing bugs from openssh-9.1 release cycle