pxcloud/guacamole-server
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3c7a09f52b
guacamole-server/src
History
sanhex 3c7a09f52b GUACAMOLE-400: Fix guacd crash when ssh key fails 
Root Cause:
In the ssh library of guacd, function ssh_client_thread(), when guac_ssh_get_user() fails to load private key for ssh authentication, it will return NULL. In this case, the subsequent call to guac_common_ssh_create_session() with parameter 'user=0x0' will cause guacd crash in function guac_common_ssh_authenticate() by accessing 'user->username'.

Solution:
- Update the comment of function guac_ssh_get_user() to document that NULL will be returned if fails to import key for the user.
- In function ssh_client_thread(), verify the return of guac_ssh_get_user(). If ssh_client->user is NULL, return NULL.

Test:
- Configured a ssh app with an encrypted private key and a wrong passphrase.
- Ran the ssh app from web portal and observed guacd crash.
- Applied the fix and reran the ssh app. Observed no crash.
2017-09-29 11:04:48 -07:00
..
common GUACAMOLE-325: Do not lock files on Windows. Use Windows-specific _mkdir() call where necessary. 2017-07-05 20:55:02 -07:00
common-ssh GUACAMOLE-396: Fixing ssh socket for IPv6 address 2017-09-26 17:19:18 -07:00
guacd GUACAMOLE-391: resolve low impact memory leak 2017-09-24 13:42:59 +05:00
guacd-docker GUACAMOLE-97: Update guacd Docker README.md with respect to Apache. 2016-10-04 12:25:07 -07:00
guacenc GUACAMOLE-314: Bump version numbers to 0.9.13-incubating. 2017-06-01 22:48:02 -07:00
libguac GUACAMOLE-325: Add Winsock-specific guac_socket implementation. 2017-07-05 20:55:03 -07:00
protocols GUACAMOLE-400: Fix guacd crash when ssh key fails 2017-09-29 11:04:48 -07:00
pulse GUACAMOLE-240: Document parameters and behavior of PulseAudio callbacks. 2017-03-15 22:26:11 -07:00
terminal GUACAMOLE-383: resolve issues identified by cppcheck 2017-09-20 22:55:58 +05:00