aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authormilo <milo@r0ot.me>2011-04-14 13:28:48 +0200
committermilo <milo@r0ot.me>2011-04-14 13:31:11 +0200
commit23b28a573c852e2d36f7d2dc52ef43a426267a47 (patch)
tree23f80e0b3c676753b92b03c788f1333d99901ea5
parent934252d6ca2b8d03d7ff7005443a416abae57b25 (diff)
downloadlibssh-23b28a573c852e2d36f7d2dc52ef43a426267a47.tar.gz
libssh-23b28a573c852e2d36f7d2dc52ef43a426267a47.tar.xz
libssh-23b28a573c852e2d36f7d2dc52ef43a426267a47.zip
Fix a 0 bytes malloc in server kbdint implementation
-rw-r--r--src/server.c47
1 files changed, 26 insertions, 21 deletions
diff --git a/src/server.c b/src/server.c
index 4ac07bbf..a3d38896 100644
--- a/src/server.c
+++ b/src/server.c
@@ -860,31 +860,36 @@ int ssh_message_auth_interactive_request(ssh_message msg, const char *name,
}
msg->session->kbdint->nprompts = num_prompts;
- msg->session->kbdint->prompts = malloc(num_prompts * sizeof(char *));
- if (msg->session->kbdint->prompts == NULL) {
- msg->session->kbdint->nprompts = 0;
- ssh_set_error_oom(msg->session);
- kbdint_free(msg->session->kbdint);
- msg->session->kbdint = NULL;
- return SSH_ERROR;
- }
- msg->session->kbdint->echo = malloc(num_prompts * sizeof(char));
- if (msg->session->kbdint->echo == NULL) {
- ssh_set_error_oom(msg->session);
- kbdint_free(msg->session->kbdint);
- msg->session->kbdint = NULL;
- return SSH_ERROR;
- }
- for (i = 0; i < num_prompts; i++) {
- msg->session->kbdint->echo[i] = echo[i];
- msg->session->kbdint->prompts[i] = strdup(prompts[i]);
- if (msg->session->kbdint->prompts[i] == NULL) {
+ if(num_prompts > 0) {
+ msg->session->kbdint->prompts = malloc(num_prompts * sizeof(char *));
+ if (msg->session->kbdint->prompts == NULL) {
+ msg->session->kbdint->nprompts = 0;
ssh_set_error_oom(msg->session);
- msg->session->kbdint->nprompts = i;
kbdint_free(msg->session->kbdint);
msg->session->kbdint = NULL;
- return SSH_PACKET_USED;
+ return SSH_ERROR;
+ }
+ msg->session->kbdint->echo = malloc(num_prompts * sizeof(char));
+ if (msg->session->kbdint->echo == NULL) {
+ ssh_set_error_oom(msg->session);
+ kbdint_free(msg->session->kbdint);
+ msg->session->kbdint = NULL;
+ return SSH_ERROR;
}
+ for (i = 0; i < num_prompts; i++) {
+ msg->session->kbdint->echo[i] = echo[i];
+ msg->session->kbdint->prompts[i] = strdup(prompts[i]);
+ if (msg->session->kbdint->prompts[i] == NULL) {
+ ssh_set_error_oom(msg->session);
+ msg->session->kbdint->nprompts = i;
+ kbdint_free(msg->session->kbdint);
+ msg->session->kbdint = NULL;
+ return SSH_PACKET_USED;
+ }
+ }
+ } else {
+ msg->session->kbdint->prompts = NULL;
+ msg->session->kbdint->echo = NULL;
}
return r;