From dbb4c4cc119be29f3809ed46c64a95c7a8e650a9 Mon Sep 17 00:00:00 2001 From: Eshan Kelkar Date: Mon, 18 Aug 2025 17:15:57 -0500 Subject: [PATCH] bugfix: test presence of before_connection before dereferencing A proxyjump callback structure consists of three callbacks as of this writing: before_connection, authenticate and verify_knownhost. One or more of these callbacks can be set as NULL by the user to indicate that libssh should use the defaults. The code checked the presence of the callback stucture but not whether before_connection was available or not (non NULL) before dereferencing it. This could lead to undefined behaviour if the user specifies say authenticate and verify_knownhost for a jump host but not before_connection. This commit fixes the code to add a check for before_connection being non NULL before trying access it. Signed-off-by: Eshan Kelkar Reviewed-by: Jakub Jelen Reviewed-by: Andreas Schneider (cherry picked from commit 26b9ba5f8cca0add73d36c0d593e41ca628837a4) --- src/socket.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/socket.c b/src/socket.c index 536312e1..a19a9087 100644 --- a/src/socket.c +++ b/src/socket.c @@ -1096,7 +1096,7 @@ jump_thread_func(void *arg) cb = ssh_list_pop_head(struct ssh_jump_callbacks_struct *, jump_session->opts.proxy_jumps_user_cb); - if (cb != NULL) { + if (cb != NULL && cb->before_connection != NULL) { rc = cb->before_connection(jump_session, cb->userdata); if (rc != SSH_OK) { SSH_LOG(SSH_LOG_WARN, "%s", ssh_get_error(jump_session));