Repository: incubator-guacamole-server Updated Branches: refs/heads/master 1d0e63b25 -> d35cc7a83
GUACAMOLE-400: Fix guacd crash when ssh key fails Root Cause: In the ssh library of guacd, function ssh_client_thread(), when guac_ssh_get_user() fails to load private key for ssh authentication, it will return NULL. In this case, the subsequent call to guac_common_ssh_create_session() with parameter 'user=0x0' will cause guacd crash in function guac_common_ssh_authenticate() by accessing 'user->username'. Solution: - Update the comment of function guac_ssh_get_user() to document that NULL will be returned if fails to import key for the user. - In function ssh_client_thread(), verify the return of guac_ssh_get_user(). If ssh_client->user is NULL, return NULL. Test: - Configured a ssh app with an encrypted private key and a wrong passphrase. - Ran the ssh app from web portal and observed guacd crash. - Applied the fix and reran the ssh app. Observed no crash. Project: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-server/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-server/commit/3c7a09f5 Tree: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-server/tree/3c7a09f5 Diff: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-server/diff/3c7a09f5 Branch: refs/heads/master Commit: 3c7a09f52bb576e5dab720b571e580b7e0acec43 Parents: f559701 Author: sanhex <[email protected]> Authored: Fri Sep 29 10:44:24 2017 -0700 Committer: sanhex <[email protected]> Committed: Fri Sep 29 11:04:48 2017 -0700 ---------------------------------------------------------------------- src/protocols/ssh/ssh.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-guacamole-server/blob/3c7a09f5/src/protocols/ssh/ssh.c ---------------------------------------------------------------------- diff --git a/src/protocols/ssh/ssh.c b/src/protocols/ssh/ssh.c index b9bb59b..54d13e5 100644 --- a/src/protocols/ssh/ssh.c +++ b/src/protocols/ssh/ssh.c @@ -63,7 +63,8 @@ * terminal to use when prompting the user. * * @return - * A new user object containing the user's username and other credentials. + * A new user object containing the user's username and other credentials, + * or NULL if fails to import key. */ static guac_common_ssh_user* guac_ssh_get_user(guac_client* client) { @@ -215,6 +216,10 @@ void* ssh_client_thread(void* data) { /* Get user and credentials */ ssh_client->user = guac_ssh_get_user(client); + if (ssh_client->user == NULL) { + /* Already aborted within guac_ssh_get_user() */ + return NULL; + } /* Open SSH session */ ssh_client->session = guac_common_ssh_create_session(client,
