From 45cd13469cf7cc2300c1b2c2db67b760eae74d89 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Thu, 30 Apr 2026 13:12:59 +0200
Subject: [PATCH] auth: Avoid off-by-one overflow during kbdint authentication
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Based on incomplete !754

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Pavol Žáčik <pzacik@redhat.com>
Merge-Request: <https://gitlab.com/libssh/libssh-mirror/-/merge_requests/827>
---
 src/auth.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/auth.c b/src/auth.c
index 7a78e22e..64c2351d 100644
--- a/src/auth.c
+++ b/src/auth.c
@@ -2417,7 +2417,7 @@ ssh_userauth_kbdint_getprompt(ssh_session session, unsigned int i, char *echo)
         ssh_set_error_invalid(session);
         return NULL;
     }
-    if (i > session->kbdint->nprompts) {
+    if (i >= session->kbdint->nprompts) {
         ssh_set_error_invalid(session);
         return NULL;
     }