php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #62376 Segmentation Fault with keyboard-interactive auth
Submitted: 2012-06-20 21:23 UTC Modified: 2012-06-21 07:08 UTC
From: brak at gameservers dot com Assigned: langemeijer (profile)
Status: Closed Package: ssh2 (PECL)
PHP Version: 5.3.14 OS: CentOS 6.2
Private report: No CVE-ID: None
 [2012-06-20 21:23 UTC] brak at gameservers dot com
Description:
------------
I'm seeing a segmentation fault when I try to connect and authenticate to a 
server 
that only supports keyboard-interactive auth.  

I applied http://svn.php.net/viewvc/pecl/ssh2/trunk/ssh2.c?r1=326120&r2=326198 
to 
v0.11.3 of the code.

I see this crash every time, I believe I've traced it down to this line:

// line below does NOT estrdup() because it is used and freed by the libssh2 
library
responses[0].text = strdup(password_for_kbd_callback);

Later on, that response gets cleaned up by a LIBSSH2_FREE call, which ultimately 
calls efree().  I believe this crash is occurring because estrdup was not used.  
If I switch that line to use estrdup, the crash ceases.


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2012-06-21 07:06 UTC] langemeijer@php.net
Automatic comment from SVN on behalf of langemeijer
Revision: http://svn.php.net/viewvc/?view=revision&revision=326278
Log: Use estrdup() to fix bug #62376
 [2012-06-21 07:08 UTC] langemeijer@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: langemeijer
 [2012-06-21 07:08 UTC] langemeijer@php.net
Thank you that you took some time to test this!

Change is committed in SVN.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Mar 29 07:01:28 2024 UTC