shinys000114/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-11 02:38:09 +09:00
Code Issues Packages Projects Releases Wiki Activity

Add more error checks to handle_userauth_request().

Browse Source 
git-svn-id: svn+ssh://svn.berlios.de/svnroot/repos/libssh/trunk@441 7dcaeef0-15fb-0310-b436-a5af3365683c
This commit is contained in:
Andreas Schneider
2009-04-09 11:03:08 +00:00
parent 04ab5c1b82
commit 61bee4c60c
1 changed files with 92 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files

133
libssh/messages.c
View File

@@ -112,52 +112,103 @@ static int handle_unimplemented(SSH_SESSION *session) {
} }
static SSH_MESSAGE *handle_userauth_request(SSH_SESSION *session){ static SSH_MESSAGE *handle_userauth_request(SSH_SESSION *session){
STRING *user=buffer_get_ssh_string(session->in_buffer); STRING *user = NULL;
STRING *service=buffer_get_ssh_string(session->in_buffer); STRING *service = NULL;
STRING *method=buffer_get_ssh_string(session->in_buffer); STRING *method = NULL;
SSH_MESSAGE *msg; SSH_MESSAGE *msg = NULL;
char *service_c,*method_c; char *service_c = NULL;
char *method_c = NULL
enter_function(); enter_function();
msg = message_new(session); msg = message_new(session);
if (msg == NULL) { if (msg == NULL) {
return NULL; return NULL;
} }
msg->type=SSH_AUTH_REQUEST; user = buffer_get_ssh_string(session->in_buffer);
msg->auth_request.username=string_to_char(user); if (user == NULL) {
free(user); goto error;
service_c=string_to_char(service); }
method_c=string_to_char(method); service = buffer_get_ssh_string(session->in_buffer);
free(service); if (service == NULL) {
free(method); goto error;
ssh_log(session, SSH_LOG_PACKET, }
"Auth request for service %s, method %s for user '%s'", method = buffer_get_ssh_string(session->in_buffer);
service_c, method_c, if (method == NULL) {
msg->auth_request.username); goto error;
free(service_c); }
if(!strcmp(method_c,"none")){
msg->auth_request.method=SSH_AUTH_NONE; msg->type = SSH_AUTH_REQUEST;
free(method_c); msg->auth_request.username = string_to_char(user);
leave_function(); if (msg->auth_request.username == NULL) {
return msg; goto error;
} }
if(!strcmp(method_c,"password")){ string_free(user);
STRING *pass;
u8 tmp; service_c = string_to_char(service);
msg->auth_request.method=SSH_AUTH_PASSWORD; if (service_c == NULL) {
free(method_c); goto error;
buffer_get_u8(session->in_buffer,&tmp); }
pass=buffer_get_ssh_string(session->in_buffer); method_c = string_to_char(method);
msg->auth_request.password=string_to_char(pass); if (method_c == NULL) {
free(pass); goto error;
leave_function(); }
return msg;
} string_free(service);
msg->auth_request.method=SSH_AUTH_UNKNOWN; string_free(method);
free(method_c);
ssh_log(session, SSH_LOG_PACKET,
"Auth request for service %s, method %s for user '%s'",
service_c, method_c,
msg->auth_request.username);
SAFE_FREE(service_c);
if (strcmp(method_c, "none") == 0) {
msg->auth_request.method = SSH_AUTH_NONE;
SAFE_FREE(method_c);
leave_function(); leave_function();
return msg; return msg;
}
if (strcmp(method_c, "password") == 0) {
STRING *pass == NULL;
u8 tmp;
msg->auth_request.method = SSH_AUTH_PASSWORD;
SAFE_FREE(method_c);
buffer_get_u8(session->in_buffer, &tmp);
pass = buffer_get_ssh_string(session->in_buffer);
if (pass == NULL) {
goto error;
}
msg->auth_request.password = string_to_char(pass);
string_free(pass);
if (msg->auth_request.password == NULL) {
goto error;
}
leave_function();
return msg;
}
msg->auth_request.method = SSH_AUTH_UNKNOWN;
SAFE_FREE(method_c);
leave_function();
return msg;
error:
string_free(user);
string_free(service);
string_free(method);
SAFE_FREE(method_c);
SAFE_FREE(service_c);
ssh_message_free(msg);
leave_function();
return NULL;
} }
char *ssh_message_auth_user(SSH_MESSAGE *msg){ char *ssh_message_auth_user(SSH_MESSAGE *msg){