GUACAMOLE-400: Fix guacd crash when ssh key fails

Root Cause:
In the ssh library of guacd, function ssh_client_thread(), when guac_ssh_get_user() fails to load private key for ssh authentication, it will return NULL. In this case, the subsequent call to guac_common_ssh_create_session() with parameter 'user=0x0' will cause guacd crash in function guac_common_ssh_authenticate() by accessing 'user->username'.

Solution:
- Update the comment of function guac_ssh_get_user() to document that NULL will be returned if fails to import key for the user.
- In function ssh_client_thread(), verify the return of guac_ssh_get_user(). If ssh_client->user is NULL, return NULL.

Test:
- Configured a ssh app with an encrypted private key and a wrong passphrase.
- Ran the ssh app from web portal and observed guacd crash.
- Applied the fix and reran the ssh app. Observed no crash.
This commit is contained in:
sanhex 2017-09-29 10:44:24 -07:00
parent f559701645
commit 3c7a09f52b

View File

@ -63,7 +63,8 @@
* terminal to use when prompting the user. * terminal to use when prompting the user.
* *
* @return * @return
* A new user object containing the user's username and other credentials. * A new user object containing the user's username and other credentials,
* or NULL if fails to import key.
*/ */
static guac_common_ssh_user* guac_ssh_get_user(guac_client* client) { static guac_common_ssh_user* guac_ssh_get_user(guac_client* client) {
@ -215,6 +216,10 @@ void* ssh_client_thread(void* data) {
/* Get user and credentials */ /* Get user and credentials */
ssh_client->user = guac_ssh_get_user(client); ssh_client->user = guac_ssh_get_user(client);
if (ssh_client->user == NULL) {
/* Already aborted within guac_ssh_get_user() */
return NULL;
}
/* Open SSH session */ /* Open SSH session */
ssh_client->session = guac_common_ssh_create_session(client, ssh_client->session = guac_common_ssh_create_session(client,