From 3c7a09f52bb576e5dab720b571e580b7e0acec43 Mon Sep 17 00:00:00 2001 From: sanhex Date: Fri, 29 Sep 2017 10:44:24 -0700 Subject: [PATCH] GUACAMOLE-400: Fix guacd crash when ssh key fails Root Cause: In the ssh library of guacd, function ssh_client_thread(), when guac_ssh_get_user() fails to load private key for ssh authentication, it will return NULL. In this case, the subsequent call to guac_common_ssh_create_session() with parameter 'user=0x0' will cause guacd crash in function guac_common_ssh_authenticate() by accessing 'user->username'. Solution: - Update the comment of function guac_ssh_get_user() to document that NULL will be returned if fails to import key for the user. - In function ssh_client_thread(), verify the return of guac_ssh_get_user(). If ssh_client->user is NULL, return NULL. Test: - Configured a ssh app with an encrypted private key and a wrong passphrase. - Ran the ssh app from web portal and observed guacd crash. - Applied the fix and reran the ssh app. Observed no crash. --- src/protocols/ssh/ssh.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/protocols/ssh/ssh.c b/src/protocols/ssh/ssh.c index b9bb59b3..54d13e5a 100644 --- a/src/protocols/ssh/ssh.c +++ b/src/protocols/ssh/ssh.c @@ -63,7 +63,8 @@ * terminal to use when prompting the user. * * @return - * A new user object containing the user's username and other credentials. + * A new user object containing the user's username and other credentials, + * or NULL if fails to import key. */ static guac_common_ssh_user* guac_ssh_get_user(guac_client* client) { @@ -215,6 +216,10 @@ void* ssh_client_thread(void* data) { /* Get user and credentials */ ssh_client->user = guac_ssh_get_user(client); + if (ssh_client->user == NULL) { + /* Already aborted within guac_ssh_get_user() */ + return NULL; + } /* Open SSH session */ ssh_client->session = guac_common_ssh_create_session(client,