Bug 3425 - sshauthopt_new() call in auth_restrict_session in auth.c has no NULL check
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: sshd
Version: 9.0p1
Hardware: Other Windows 11
Importance: P5 normal
Assignee: Assigned to nobody
Blocks: V_9_1
Reported: 2022-04-22 05:01 AEST by tess
Modified: 2022-10-04 21:58 AEDT
Description tess 2022-04-22 05:01:47 AEST
sshauthopt_new() is an unguarded null returned reference:

void
auth_restrict_session(struct ssh *ssh)
{
	struct sshauthopt *restricted;

	debug_f("restricting session");

	/* A blank sshauthopt defaults to permitting nothing */
	restricted = sshauthopt_new();
	restricted->permit_pty_flag = 1;
	restricted->restricted = 1;

	if (auth_activate_options(ssh, restricted) != 0)
		fatal_f("failed to restrict session");
	sshauthopt_free(restricted);
}
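
The guard this report asks for, as an added stand-alone example (not OpenSSH source and not the committed fix). `sshauthopt_new_model`, `activate_model`, `simulate_oom` and the return codes are hypothetical stand-ins so the pattern runs outside sshd.

```c
#include <stdio.h>
#include <stdlib.h>

/* Stand-in for OpenSSH's struct sshauthopt: only the fields the report touches. */
struct sshauthopt { int permit_pty_flag; int restricted; };

static int simulate_oom;	/* hypothetical hook: non-zero forces allocation failure */

/* Stand-in for sshauthopt_new(): returns NULL when allocation fails. */
static struct sshauthopt *
sshauthopt_new_model(void)
{
	if (simulate_oom)
		return NULL;
	return calloc(1, sizeof(struct sshauthopt));
}

/* Stand-in for auth_activate_options(): 0 on success, like the original. */
static int
activate_model(const struct sshauthopt *opts)
{
	return (opts->restricted && opts->permit_pty_flag) ? 0 : -1;
}

/*
 * Guarded form of the reported pattern. Returns 0 on success, -1 if the
 * allocation failed, -2 if activation failed. Assumption: in sshd both
 * failures would end in fatal_f(); return codes keep this model testable.
 */
static int
restrict_session_guarded(void)
{
	struct sshauthopt *restricted;
	int r;

	if ((restricted = sshauthopt_new_model()) == NULL)
		return -1;	/* stop before the first dereference */
	restricted->permit_pty_flag = 1;
	restricted->restricted = 1;
	r = activate_model(restricted) != 0 ? -2 : 0;
	free(restricted);
	return r;
}

int
main(void)
{
	printf("normal: %d\n", restrict_session_guarded());
	simulate_oom = 1;
	printf("allocation failure: %d\n", restrict_session_guarded());
	return 0;
}
```
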
Comment 2 Damien Miller 2022-10-04 21:58:53 AEDT
Closing bugs from openssh-9.1 release cycle