Home Explore Help
Register Sign In
OWEALs
/
curl
mirror of https://github.com/curl/curl.git
2
0
Fork 0
Files Issues 8 Wiki
Browse Source

libssh2: set length to 0 if strdup failed

Internally, libssh2 dereferences the NULL pointer if length is non-zero.
The callback function cannot return the error condition, so at least
prevent subsequent crash.

Closes #13213
Tobias Stoeckmann 1 month ago
parent
4ad9d29705
commit
6f32048200
1 changed files with 2 additions and 1 deletions
Split View Show Diff Stats
  1. 2 1
      lib/vssh/libssh2.c

+ 2 - 1
lib/vssh/libssh2.c
View File 

@@ -201,7 +201,8 @@ kbd_callback(const char *name, int name_len, const char *instruction,
 
   if(num_prompts == 1) {
 
     struct connectdata *conn = data->conn;
 
     responses[0].text = strdup(conn->passwd);
 
-    responses[0].length = curlx_uztoui(strlen(conn->passwd));
 
+    responses[0].length =
 
+      responses[0].text == NULL ? 0 : curlx_uztoui(strlen(conn->passwd));
 
   }
 
   (void)prompts;
 
 } /* kbd_callback */