shinys000114/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-11 02:38:09 +09:00
Code Issues Packages Projects Releases Wiki Activity

Add more error checks to handle_userauth_request().

Browse Source 
git-svn-id: svn+ssh://svn.berlios.de/svnroot/repos/libssh/trunk@441 7dcaeef0-15fb-0310-b436-a5af3365683c
This commit is contained in:
Andreas Schneider
2009-04-09 11:03:08 +00:00
parent 04ab5c1b82
commit 61bee4c60c
1 changed files with 92 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files

83
libssh/messages.c
View File

@@ -112,11 +112,13 @@ static int handle_unimplemented(SSH_SESSION *session) {
} }
static SSH_MESSAGE *handle_userauth_request(SSH_SESSION *session){ static SSH_MESSAGE *handle_userauth_request(SSH_SESSION *session){
STRING *user=buffer_get_ssh_string(session->in_buffer); STRING *user = NULL;
STRING *service=buffer_get_ssh_string(session->in_buffer); STRING *service = NULL;
STRING *method=buffer_get_ssh_string(session->in_buffer); STRING *method = NULL;
SSH_MESSAGE *msg; SSH_MESSAGE *msg = NULL;
char *service_c,*method_c; char *service_c = NULL;
char *method_c = NULL
enter_function(); enter_function();
msg = message_new(session); msg = message_new(session);
@@ -124,40 +126,89 @@ static SSH_MESSAGE *handle_userauth_request(SSH_SESSION *session){
return NULL; return NULL;
} }
user = buffer_get_ssh_string(session->in_buffer);
if (user == NULL) {
goto error;
}
service = buffer_get_ssh_string(session->in_buffer);
if (service == NULL) {
goto error;
}
method = buffer_get_ssh_string(session->in_buffer);
if (method == NULL) {
goto error;
}
msg->type = SSH_AUTH_REQUEST; msg->type = SSH_AUTH_REQUEST;
msg->auth_request.username = string_to_char(user); msg->auth_request.username = string_to_char(user);
free(user); if (msg->auth_request.username == NULL) {
goto error;
}
string_free(user);
service_c = string_to_char(service); service_c = string_to_char(service);
if (service_c == NULL) {
goto error;
}
method_c = string_to_char(method); method_c = string_to_char(method);
free(service); if (method_c == NULL) {
free(method); goto error;
}
string_free(service);
string_free(method);
ssh_log(session, SSH_LOG_PACKET, ssh_log(session, SSH_LOG_PACKET,
"Auth request for service %s, method %s for user '%s'", "Auth request for service %s, method %s for user '%s'",
service_c, method_c, service_c, method_c,
msg->auth_request.username); msg->auth_request.username);
free(service_c);
if(!strcmp(method_c,"none")){ SAFE_FREE(service_c);
if (strcmp(method_c, "none") == 0) {
msg->auth_request.method = SSH_AUTH_NONE; msg->auth_request.method = SSH_AUTH_NONE;
free(method_c); SAFE_FREE(method_c);
leave_function(); leave_function();
return msg; return msg;
} }
if(!strcmp(method_c,"password")){
STRING *pass; if (strcmp(method_c, "password") == 0) {
STRING *pass == NULL;
u8 tmp; u8 tmp;
msg->auth_request.method = SSH_AUTH_PASSWORD; msg->auth_request.method = SSH_AUTH_PASSWORD;
free(method_c); SAFE_FREE(method_c);
buffer_get_u8(session->in_buffer, &tmp); buffer_get_u8(session->in_buffer, &tmp);
pass = buffer_get_ssh_string(session->in_buffer); pass = buffer_get_ssh_string(session->in_buffer);
if (pass == NULL) {
goto error;
}
msg->auth_request.password = string_to_char(pass); msg->auth_request.password = string_to_char(pass);
free(pass); string_free(pass);
if (msg->auth_request.password == NULL) {
goto error;
}
leave_function(); leave_function();
return msg; return msg;
} }
msg->auth_request.method = SSH_AUTH_UNKNOWN; msg->auth_request.method = SSH_AUTH_UNKNOWN;
free(method_c); SAFE_FREE(method_c);
leave_function(); leave_function();
return msg; return msg;
error:
string_free(user);
string_free(service);
string_free(method);
SAFE_FREE(method_c);
SAFE_FREE(service_c);
ssh_message_free(msg);
leave_function();
return NULL;
} }
char *ssh_message_auth_user(SSH_MESSAGE *msg){ char *ssh_message_auth_user(SSH_MESSAGE *msg){