[Bug 2539] Add missing sanity check for read_passphrase() in auth-pam.c

2016-08-01 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2539

Damien Miller  changed:

        What |Removed  |Added

      Status |RESOLVED |CLOSED

--- Comment #2 from Damien Miller  ---
Close all resolved bugs after 7.3p1 release

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs


[Bug 2539] Add missing sanity check for read_passphrase() in auth-pam.c

2016-02-14 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2539

Darren Tucker  changed:

        What |Removed |Added

      Status |NEW     |RESOLVED
          CC |        |dtuc...@zip.com.au
  Resolution |---     |INVALID

--- Comment #1 from Darren Tucker  ---
(In reply to Bill Parker from comment #0)
> In reviewing code in OpenSSH-7.1p2, it would appear in file 'auth-pam.c',
> function 'sshpam_tty_conv()', there is a call to read_passphrase()
> which is not checked for a return value of NULL, indicating failure.
> The patch file below should address/correct this issue:
[...]
> reply[i].resp =
> read_passphrase(PAM_MSG_MEMBER(msg, i,
> msg),
> RP_ALLOW_STDIN);
> +   if (reply[i].resp == NULL)
> +   goto fail;
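
Review bot: The added check `if (reply[i].resp == NULL)` follows a call that passes only RP_ALLOW_STDIN, and the report does not say under which flags read_passphrase() can return NULL; state that condition in the patch description or in a comment, since otherwise the branch may be unreachable. The hunk also does not show the `fail` label, so confirm that path releases the `reply[]` entries filled on earlier loop iterations before relying on `goto fail`.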

Thanks, but read_passphrase() can only return NULL if given the
RP_ALLOW_EOF flag which this code doesn't, so in this case it's
guaranteed to be non-NULL.
