[libssh2] #169: segmentation fault in pubkey authentication

2010-03-29 Thread libssh2 Trac
#169: segmentation fault in pubkey authentication
-------------------------+--------------------------
 Reporter:  suyogjadhav  |       Owner:
     Type:  defect       |      Status:  new
 Priority:  high         |   Milestone:
Component:  API          |     Version:  1.2.4
 Keywords:               |    Blocking:
Blockedby:               |
-------------------------+--------------------------
 libssh2 encounters a SIGSEGV when a null passphrase is passed to
 libssh2_userauth_publickey_fromfile while the passed key requires a valid
 passphrase.

 My application takes this configuration from the user, and when passed
 along it causes the app to crash.

 The error is traced to passphrase_cb in openssl.c.
 This function does not check for a null passphrase and tries to find its
 strlen, causing the segmentation fault.

 A simple check such as this would suffice:

     passphrase_len = 0;
     if(passphrase != NULL)
         passphrase_len = strlen(passphrase);

-- 
Ticket URL: http://libssh2.stuge.se/ticket/169
libssh2 http://libssh2.stuge.se/
C library for writing portable SSH2 clients
___
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
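
Added example, not part of the original thread and not libssh2's own code: a passphrase callback with the shape of OpenSSL's pem_password_cb that applies the NULL check proposed in the ticket and clamps the copy to the buffer size. The names example_passphrase_cb and example_normalize_passphrase are hypothetical; the second shows the equivalent guard on the application side.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical callback shaped like OpenSSL's pem_password_cb: copy the
 * passphrase passed as userdata into buf (capacity size) and return its
 * length. A NULL userdata is treated as an empty passphrase, which is
 * the check proposed in the ticket. */
static int example_passphrase_cb(char *buf, int size, int rwflag,
                                 void *userdata)
{
    const char *passphrase = userdata;
    size_t len = 0;

    (void)rwflag;                /* unused in this example */
    if (buf == NULL || size <= 0)
        return 0;                /* no room: report an empty passphrase */

    if (passphrase != NULL)      /* the ticket's check: no strlen(NULL) */
        len = strlen(passphrase);
    if (len > (size_t)size - 1)  /* clamp, leaving room for the NUL */
        len = (size_t)size - 1;

    if (len > 0)
        memcpy(buf, passphrase, len);
    buf[len] = '\0';
    return (int)len;
}

/* Hypothetical caller-side helper: an application that reads the
 * passphrase from user configuration can map "not set" to "" before
 * handing it to a library that does not accept NULL. */
static const char *example_normalize_passphrase(const char *configured)
{
    return configured != NULL ? configured : "";
}

int main(void)
{
    char buf[8];                 /* constructed, deliberately small buffer */
    int n = example_passphrase_cb(buf, (int)sizeof buf, 0, NULL);

    printf("NULL passphrase -> length %d, buffer \"%s\"\n", n, buf);
    printf("normalized NULL -> \"%s\"\n", example_normalize_passphrase(NULL));
    return 0;
}
```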


Re: [libssh2] #169: segmentation fault in pubkey authentication

2010-03-29 Thread libssh2 Trac
#169: segmentation fault in pubkey authentication
--------------------------+-------------------------
  Reporter:  suyogjadhav  |       Owner:
      Type:  defect       |      Status:  closed
  Priority:  high         |   Milestone:  1.2.5
 Component:  API          |     Version:  1.2.4
Resolution:  fixed        |    Keywords:
  Blocking:               |   Blockedby:
--------------------------+-------------------------

Comment(by stuge):

 Replying to [comment:1 bagder]:
 > Thanks, this is now fixed in git!

 I'm with Mikhail on this one: garbage in = garbage out. I don't think it
 is the job of libssh2 to validate every string pointer that applications
 pass in to the library. I'd moderately prefer the commit to be reverted.

-- 
Ticket URL: http://libssh2.stuge.se/ticket/169#comment:2


Re: [libssh2] #169: segmentation fault in pubkey authentication

2010-03-29 Thread libssh2 Trac

Comment(by alamaison):

 I've got to say I would find it very strange to revert a fix that makes
 using our library ''safer''.  Ideally, it should never be possible to
 crash no matter what inputs a component receives.

 -1 for reverting.

-- 
Ticket URL: http://libssh2.stuge.se/ticket/169#comment:3


Re: [libssh2] #169: segmentation fault in pubkey authentication

2010-03-29 Thread Daniel Stenberg

On Mon, 29 Mar 2010, libssh2 Trac wrote:

> Comment(by alamaison):
>
> I've got to say I would find it very strange to revert a fix that makes
> using our library ''safer''.  Ideally, it should never be possible to crash
> no matter what inputs a component receives.
>
> -1 for reverting.

I don't quite understand that resistance either. As I said before: this
function is not documented clearly to *not* accept a NULL for a blank
passphrase even though it isn't documented to accept it either. Given that
small uncertainty in API functionality I think it is quite easy to check
against this specific case.

It is not the same as to say that we always should check all arguments for
junk or whatever.


--

 / daniel.haxx.se


RE: [libssh2] #169: segmentation fault in pubkey authentication

2010-03-29 Thread C Johnson
 

On Mon, 29 Mar 2010, Daniel Stenberg wrote:

> I don't quite understand that resistance either. As I said
> before: this function is not documented clearly to *not*
> accept a NULL for a blank passphrase even though it isn't
> documented to accept it either. Given that small uncertainty
> in API functionality I think it is quite easy to check against
> this specific case.

It would seem best to always clarify any points of uncertainty whenever
possible.

> It is not the same as to say that we always should check all
> arguments for junk or whatever.

I would not rule this out.  Obviously it can be taken to absurd extremes,
but a reasonable step to sanitize inputs can be very important.  As a
library, you cannot be sure of the source of the inputs being sent to your
library - did the application sanitize them enough or does doing nothing
leave open a potential exploit?  There has to be a balance somewhere between
sanitizing so insanely it drags everything to a grinding halt and just
leaving the barn door open and hoping no one notices or cares.

- C Johnson




Re: [libssh2] #169: segmentation fault in pubkey authentication

2010-03-29 Thread libssh2 Trac

Comment(by suyogjadhav):

 Just to point out that... these values are taken from the user... and there
 is no way to know beforehand if the key requires a valid passphrase or
 null. If there is some way to do this please let me know.

-- 
Ticket URL: http://libssh2.stuge.se/ticket/169#comment:4