PHP :: Bug #62376 :: Segmentation Fault with keyboard-interactive auth

Bug #62376	Segmentation Fault with keyboard-interactive auth
Submitted:	2012-06-20 21:23 UTC	Modified:	2012-06-21 07:08 UTC
From:	brak at gameservers dot com	Assigned:	langemeijer (profile)
Status:	Closed	Package:	ssh2 (PECL)
PHP Version:	5.3.14	OS:	CentOS 6.2
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	brak at gameservers dot com
New email:
PHP Version:		OS:

New Comment:

[2012-06-20 21:23 UTC] brak at gameservers dot com

Description:
------------
I'm seeing a segmentation fault when I try to connect and authenticate to a 
server 
that only supports keyboard-interactive auth.  

I applied http://svn.php.net/viewvc/pecl/ssh2/trunk/ssh2.c?r1=326120&r2=326198 
to 
v0.11.3 of the code.

I see this crash every time, I believe I've traced it down to this line:

// line below does NOT estrdup() because it is used and freed by the libssh2 
library
responses[0].text = strdup(password_for_kbd_callback);

Later on, that response gets cleaned up by a LIBSSH2_FREE call, which ultimately 
calls efree().  I believe this crash is occurring because estrdup was not used.  
If I switch that line to use estrdup, the crash ceases.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2012-06-21 07:06 UTC] langemeijer@php.net

Automatic comment from SVN on behalf of langemeijer
Revision: http://svn.php.net/viewvc/?view=revision&amp;revision=326278
Log: Use estrdup() to fix bug #62376

[2012-06-21 07:08 UTC] langemeijer@php.net

-Status: Open +Status: Closed -Assigned To: +Assigned To: langemeijer

[2012-06-21 07:08 UTC] langemeijer@php.net

Thank you that you took some time to test this!

Change is committed in SVN.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sat Dec 21 12:01:31 2024 UTC