[gnurl] 274/282: sftp: fix segfault regression introduced by #4747

gnunet-svn

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[gnurl] 274/282: sftp: fix segfault regression introduced by #4747

From:	gnunet
Subject:	[gnurl] 274/282: sftp: fix segfault regression introduced by #4747
Date:	Wed, 01 Apr 2020 14:32:19 +0200

This is an automated email from the git hooks/post-receive script.

ng0 pushed a commit to branch master
in repository gnurl.

commit e96fe70cabcb3a5a009821dbb453dc0160ddc3f5
Author: Jim Fuller <address@hidden>
AuthorDate: Sun Mar 8 18:35:21 2020 +0100

    sftp: fix segfault regression introduced by #4747
    
    This fix adds a defensive check for the case where the char *name in
    struct libssh2_knownhost is NULL
    
    Fixes #5041
    Closes #5062
---
 lib/vssh/libssh2.c      | 41 +++++++++++++++++++++++++----------------
 tests/data/Makefile.inc |  2 +-
 tests/data/test1459     | 46 ++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 72 insertions(+), 17 deletions(-)

diff --git a/lib/vssh/libssh2.c b/lib/vssh/libssh2.c
index 8e043747e..c487ccabb 100644
--- a/lib/vssh/libssh2.c
+++ b/lib/vssh/libssh2.c
@@ -694,31 +694,40 @@ static CURLcode ssh_force_knownhost_key_type(struct 
connectdata *conn)
     while(!libssh2_knownhost_get(sshc->kh, &store, store)) {
       /* For non-standard ports, the name will be enclosed in */
       /* square brackets, followed by a colon and the port */
-      if(store->name[0] == '[') {
-        kh_name_end = strstr(store->name, "]:");
-        if(!kh_name_end) {
-          infof(data, "Invalid host pattern %s in %s\n",
-                store->name, data->set.str[STRING_SSH_KNOWNHOSTS]);
-          continue;
-        }
-        port = atoi(kh_name_end + 2);
-        if(kh_name_end && (port == conn->remote_port)) {
-          kh_name_size = strlen(store->name) - 1 - strlen(kh_name_end);
-          if(strncmp(store->name + 1, conn->host.name, kh_name_size) == 0) {
+      if(store) {
+        if(store->name) {
+          if(store->name[0] == '[') {
+            kh_name_end = strstr(store->name, "]:");
+            if(!kh_name_end) {
+              infof(data, "Invalid host pattern %s in %s\n",
+                    store->name, data->set.str[STRING_SSH_KNOWNHOSTS]);
+              continue;
+            }
+            port = atoi(kh_name_end + 2);
+            if(kh_name_end && (port == conn->remote_port)) {
+              kh_name_size = strlen(store->name) - 1 - strlen(kh_name_end);
+              if(strncmp(store->name + 1,
+                 conn->host.name, kh_name_size) == 0) {
+                found = true;
+                break;
+              }
+            }
+          }
+          else if(strcmp(store->name, conn->host.name) == 0) {
             found = true;
             break;
           }
         }
-      }
-      else if(strcmp(store->name, conn->host.name) == 0) {
-        found = true;
-        break;
+        else {
+          found = true;
+          break;
+        }
       }
     }
 
     if(found) {
       infof(data, "Found host %s in %s\n",
-            store->name, data->set.str[STRING_SSH_KNOWNHOSTS]);
+            conn->host.name, data->set.str[STRING_SSH_KNOWNHOSTS]);
 
       switch(store->typemask & LIBSSH2_KNOWNHOST_KEY_MASK) {
 #ifdef LIBSSH2_KNOWNHOST_KEY_ED25519
diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
index 3eca9d2c2..3d8565c36 100644
--- a/tests/data/Makefile.inc
+++ b/tests/data/Makefile.inc
@@ -171,7 +171,7 @@ test1424 test1425 test1426 test1427 \
 test1428 test1429 test1430 test1431 test1432 test1433 test1434 test1435 \
 test1436 test1437 test1438 test1439 test1440 test1441 test1442 test1443 \
 test1444 test1445 test1446 test1447 test1448 test1449 test1450 test1451 \
-test1452 test1453 test1454 test1455 test1456 test1457 test1458\
+test1452 test1453 test1454 test1455 test1456 test1457 test1458 test1459 \
 test1500 test1501 test1502 test1503 test1504 test1505 test1506 test1507 \
 test1508 test1509 test1510 test1511 test1512 test1513 test1514 test1515 \
 test1516 test1517 test1518 test1519 test1520 test1521 test1522 test1523 \
diff --git a/tests/data/test1459 b/tests/data/test1459
new file mode 100644
index 000000000..3e89595e4
--- /dev/null
+++ b/tests/data/test1459
@@ -0,0 +1,46 @@
+<testcase>
+<info>
+<keywords>
+SFTP
+known_hosts
+</keywords>
+</info>
+
+#
+# Client-side
+<client>
+<server>
+sftp
+</server>
+<precheck>
+mkdir -p %PWD/log/test1459.dir/.ssh
+</precheck>
+<features>
+sftp
+</features>
+ <name>
+SFTP with corrupted known_hosts
+ </name>
+ <command>
+-u : sftp://%HOSTIP:%SSHPORT/ -l
+</command>
+<file name="log/test1459.dir/.ssh/known_hosts">
+|1|qy29Y1x/+/F39AzdG5515YSSw+c=|iB2WX5jrU3ZTWc+ZfGau7HHEvBc= ssh-rsa 
AAAAB3NzaC1yc2EAAAABIwAAAIEAynDN8cDJ3xNzRjTNNGciSHSxpubxhZ6YnkLdp1TkrGW8n\
+R93Ey5VtBeBblYTRlFXBWJgKFcTKBRJ/O4qBZwbUgt10AHj31i6h8NehfT19tR8wG/YCmj3KtYLHmwdzmW1edEL9G2NdX2KiKYv7/zuly3QvmP0QA0NhWkAz0KdWNM=
+</file>
+<setenv>
+CURL_HOME=%PWD/log/test1459.dir
+</setenv>
+</client>
+
+# Verify data after the test has been "shot"
+<verify>
+<errorcode>
+60
+</errorcode>
+<valgrind>
+disable
+</valgrind>
+</verify>
+</testcase>
+

-- 
To stop receiving notification emails like this one, please contact
address@hidden.

[Prev in Thread]

Current Thread

[Next in Thread]

[gnurl] 271/282: silly web server: silent a compilation warning, (continued)
- [gnurl] 271/282: silly web server: silent a compilation warning, gnunet, 2020/04/01
- [gnurl] 272/282: socks4: fix host resolve regression, gnunet, 2020/04/01
- [gnurl] 263/282: mime: latch last read callback status., gnunet, 2020/04/01
- [gnurl] 246/282: multi: skip EINTR check on wakeup socket if it was closed, gnunet, 2020/04/01
- [gnurl] 253/282: pause: force a connection (re-)check after unpausing, gnunet, 2020/04/01
- [gnurl] 273/282: RELEASE-NOTES: synced, gnunet, 2020/04/01
- [gnurl] 267/282: sha256: Added SecureTransport implementation, gnunet, 2020/04/01
- [gnurl] 265/282: mime: fix the binary encoder to handle large data properly, gnunet, 2020/04/01
- [gnurl] 275/282: runtests: log minimal and maximal used port numbers, gnunet, 2020/04/01
- [gnurl] 279/282: test1129: fix invalid case of closing XML-tag and Content-Length, gnunet, 2020/04/01
- [gnurl] 274/282: sftp: fix segfault regression introduced by #4747, gnunet <=
- [gnurl] 277/282: tests/data: fix static ip:port instead of dynamic values being used, gnunet, 2020/04/01
- [gnurl] 281/282: RELEASE-NOTES: 7.69.1, gnunet, 2020/04/01
- [gnurl] 270/282: cookie: get_top_domain() sets zero length for null domains, gnunet, 2020/04/01
- [gnurl] 268/282: sha256: Added WinCrypt implementation, gnunet, 2020/04/01
- [gnurl] 264/282: mime: do not perform more than one read in a row, gnunet, 2020/04/01
- [gnurl] 276/282: tests/server: fix missing use of exe_ext helper function, gnunet, 2020/04/01
- [gnurl] 278/282: tests/data: fix static ip instead of dynamic value being used, gnunet, 2020/04/01
- [gnurl] 280/282: THANKS: from the 7.69.1 release, gnunet, 2020/04/01
- [gnurl] 282/282: Merge tag 'curl-7_69_1', gnunet, 2020/04/01

Prev by Date: [gnurl] 279/282: test1129: fix invalid case of closing XML-tag and Content-Length
Next by Date: [gnurl] 277/282: tests/data: fix static ip:port instead of dynamic values being used
Previous by thread: [gnurl] 279/282: test1129: fix invalid case of closing XML-tag and Content-Length
Next by thread: [gnurl] 277/282: tests/data: fix static ip:port instead of dynamic values being used
Index(es):
- Date
- Thread