kex_agree_hostkey: fix NULL pointer dereference
While setting up the session, ssh tries to determine the type of encryption method it can use for the session. This requires looking at the keys offered by the remote host and comparing these with the methods supported by libssh2 (rsa & dss). To do this there is an iteration over the array containing the methods supported by libssh2. If there is no agreement on the type of encryption we come to the 3rd entry of the hostkeyp array. Here hostkeyp is valid but *hostkeyp is NULL. Thus when we dereference that in (*hostkeyp)->name there is a crash.
Committed by Daniel Stenberg
Parent: 753e55ef23
Commit: 73be9fab04
@@ -1273,7 +1273,7 @@ static int kex_agree_hostkey(LIBSSH2_SESSION * session,
|
||||
return -1;
|
||||
}
|
||||
|
||||
while (hostkeyp && (*hostkeyp)->name) {
|
||||
while (hostkeyp && (*hostkeyp) && (*hostkeyp)->name) {
|
||||
s = kex_agree_instr(hostkey, hostkey_len,
|
||||
(unsigned char *) (*hostkeyp)->name,
|
||||
strlen((*hostkeyp)->name));
|
||||
|
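Review bot: the new loop condition `hostkeyp && (*hostkeyp) && (*hostkeyp)->name` depends on the method array ending in a NULL entry, but nothing in the hunk documents that invariant. A one-line comment above the `while` stating that the array is NULL-terminated, and that `(*hostkeyp)` is the terminator test, would keep a later edit from dropping it again. The leading `hostkeyp &&` test is carried over unchanged from the old condition. Per the commit message, hostkeyp was valid at the point of the crash, so that test did not protect the dereference; it is worth checking whether it can ever be false here. It is also worth checking that the path taken when the loop ends without agreement returns an error to the caller, since that is the case this fix now reaches instead of crashing.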