I'm seeing a couple of issues with password-based authentication in libnetconf.
Can these issues be fixed?
Thanks in advance.
Memory leak in callback_sshauth_publickey_default
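Memory is allocated at line 162, but several error paths return NULL without freeing it. In the excerpt below, the fopen() and tcgetattr() failure branches return without free(buf), and the tcgetattr() branch also returns without closing tty.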
buf = malloc (buflen * sizeof(char));
if (buf == NULL) {
ERROR("Memory allocation failed (%s:%d - %s).", FILE, LINE, strerror(errno));
return (NULL);
}
if ((tty = fopen("/dev/tty", "r+")) == NULL) {
ERROR("Unable to open the current terminal (%s:%d - %s).", FILE, LINE, strerror(errno));
return (NULL);
}
if (tcgetattr(fileno(tty), &oldterm) != 0) {
ERROR("Unable to get terminal settings (%d: %s).", LINE, strerror(errno));
return (NULL);
}
nc_session_connect_libssh_socket doesn't handle the NULL returned by callback_sshauth_publickey_default
At ssh.c line 297 the returned value is used without a NULL check, so a NULL password pointer is passed to ssh_userauth_password(), which eventually results in a crash inside libssh.
s = callbacks.sshauth_password(username, host);
while ((ret_auth = ssh_userauth_password(retval->ssh_sess, username, s)) == SSH_AUTH_AGAIN) {
Hi,
I'm seeing a couple of issues with password-based authentication in libnetconf. Can these issues be fixed? Thanks in advance.
Memory leak in callback_sshauth_publickey_default: memory is allocated at line 162, but several error paths return NULL without freeing it. In the excerpt, the fopen() and tcgetattr() failure branches return without free(buf), and the tcgetattr() branch also returns without closing tty. buf = malloc (buflen * sizeof(char)); if (buf == NULL) { ERROR("Memory allocation failed (%s:%d - %s).", FILE, LINE, strerror(errno)); return (NULL); } if ((tty = fopen("/dev/tty", "r+")) == NULL) { ERROR("Unable to open the current terminal (%s:%d - %s).", FILE, LINE, strerror(errno)); return (NULL); } if (tcgetattr(fileno(tty), &oldterm) != 0) { ERROR("Unable to get terminal settings (%d: %s).", LINE, strerror(errno)); return (NULL); }
nc_session_connect_libssh_socket doesn't handle the NULL returned by callback_sshauth_publickey_default: at ssh.c line 297 the returned value is used without a NULL check, so a NULL password pointer is passed to ssh_userauth_password(), which eventually results in a crash inside libssh. s = callbacks.sshauth_password(username, host); while ((ret_auth = ssh_userauth_password(retval->ssh_sess, username, s)) == SSH_AUTH_AGAIN) {
Best regards, Parameswaran