diff options
author | milo <milo@r0ot.me> | 2011-04-14 13:28:48 +0200 |
---|---|---|
committer | milo <milo@r0ot.me> | 2011-04-14 13:31:11 +0200 |
commit | 23b28a573c852e2d36f7d2dc52ef43a426267a47 (patch) | |
tree | 23f80e0b3c676753b92b03c788f1333d99901ea5 | |
parent | 934252d6ca2b8d03d7ff7005443a416abae57b25 (diff) | |
download | libssh-23b28a573c852e2d36f7d2dc52ef43a426267a47.tar.gz libssh-23b28a573c852e2d36f7d2dc52ef43a426267a47.tar.xz libssh-23b28a573c852e2d36f7d2dc52ef43a426267a47.zip |
Fix a 0 bytes malloc in server kbdint implementation
-rw-r--r-- | src/server.c | 47 |
1 files changed, 26 insertions, 21 deletions
diff --git a/src/server.c b/src/server.c index 4ac07bb..a3d3889 100644 --- a/src/server.c +++ b/src/server.c @@ -860,31 +860,36 @@ int ssh_message_auth_interactive_request(ssh_message msg, const char *name, } msg->session->kbdint->nprompts = num_prompts; - msg->session->kbdint->prompts = malloc(num_prompts * sizeof(char *)); - if (msg->session->kbdint->prompts == NULL) { - msg->session->kbdint->nprompts = 0; - ssh_set_error_oom(msg->session); - kbdint_free(msg->session->kbdint); - msg->session->kbdint = NULL; - return SSH_ERROR; - } - msg->session->kbdint->echo = malloc(num_prompts * sizeof(char)); - if (msg->session->kbdint->echo == NULL) { - ssh_set_error_oom(msg->session); - kbdint_free(msg->session->kbdint); - msg->session->kbdint = NULL; - return SSH_ERROR; - } - for (i = 0; i < num_prompts; i++) { - msg->session->kbdint->echo[i] = echo[i]; - msg->session->kbdint->prompts[i] = strdup(prompts[i]); - if (msg->session->kbdint->prompts[i] == NULL) { + if(num_prompts > 0) { + msg->session->kbdint->prompts = malloc(num_prompts * sizeof(char *)); + if (msg->session->kbdint->prompts == NULL) { + msg->session->kbdint->nprompts = 0; ssh_set_error_oom(msg->session); - msg->session->kbdint->nprompts = i; kbdint_free(msg->session->kbdint); msg->session->kbdint = NULL; - return SSH_PACKET_USED; + return SSH_ERROR; + } + msg->session->kbdint->echo = malloc(num_prompts * sizeof(char)); + if (msg->session->kbdint->echo == NULL) { + ssh_set_error_oom(msg->session); + kbdint_free(msg->session->kbdint); + msg->session->kbdint = NULL; + return SSH_ERROR; } + for (i = 0; i < num_prompts; i++) { + msg->session->kbdint->echo[i] = echo[i]; + msg->session->kbdint->prompts[i] = strdup(prompts[i]); + if (msg->session->kbdint->prompts[i] == NULL) { + ssh_set_error_oom(msg->session); + msg->session->kbdint->nprompts = i; + kbdint_free(msg->session->kbdint); + msg->session->kbdint = NULL; + return SSH_PACKET_USED; + } + } + } else { + msg->session->kbdint->prompts = NULL; + msg->session->kbdint->echo = NULL; } return r; |