https://bugzilla.mindrot.org/show_bug.cgi?id=2539
Darren Tucker changed:
What       |Removed |Added
Status     |NEW     |RESOLVED
CC         |        |dtuc...@zip.com.au
Resolution |---     |INVALID
--- Comment #1 from Darren Tucker ---
(In reply to Bill Parker from comment #0)
> In reviewing code in OpenSSH-7.1p2, it would appear in file
> 'auth-pam.c', function 'sshpam_tty_conv()', there is a call to
> read_passphrase() which is not checked for a return value of NULL,
> indicating failure. The patch file below should address/correct
> this issue:
[...]
> reply[i].resp =
> read_passphrase(PAM_MSG_MEMBER(msg, i,
> msg),
> RP_ALLOW_STDIN);
> + if (reply[i].resp == NULL)
> + goto fail;
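Review bot: the added NULL check on reply[i].resp (the two '+' lines after the read_passphrase() call) tests a condition the hunk does not show to be reachable: the call passes only RP_ALLOW_STDIN, and the reply below states that read_passphrase() returns NULL only when RP_ALLOW_EOF is given. If the check is meant as defensive code, say so in a comment on the 'goto fail;' line, and confirm that the fail label, which is not visible in this hunk, frees the resp strings already stored in earlier reply[] entries.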
Thanks, but read_passphrase() can only return NULL if given the
RP_ALLOW_EOF flag which this code doesn't, so in this case it's
guaranteed to be non-NULL.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs