ssh: Handle successful SSH_USERAUTH_NONE

According to the documentation for libssh2_userauth_list(), a NULL return value is not necessarily an error. You must call libssh2_userauth_authenticated() to determine if the SSH_USERAUTH_NONE request was successful. This fixes a segv when using sftp on a server that allows logins with an empty password. When NULL was interpreted as an error, it would free the session but not flag an error since the libssh2 errno would be clear. This resulted in dereferencing a NULL session pointer. Signed-off-by: Tyler Hall <tylerwhall@gmail.com>
author: Tyler Hall <tylerwhall@gmail.com> 2013-10-14 22:24:17 +0200
committer: Daniel Stenberg <daniel@haxx.se> 2013-10-15 20:53:09 +0200
commit: 0218a737fe7b8f47d07d815e4b75648078ddc5d2 (patch)
tree: 0d91156649ae83538256313b7b21c82be5f0de93 /lib/ssh.c
parent: 18ca0aa9842d3fb6e0740515df7b5960fab4408e (diff)
1 files changed, 7 insertions, 1 deletions
diff --git a/lib/ssh.c b/lib/ssh.c
index c213225db..79f58bbf3 100644
--- a/lib/ssh.c
+++ b/lib/ssh.c
@@ -754,7 +754,13 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
                                              curlx_uztoui(strlen(conn->user)));
 
       if(!sshc->authlist) {
-        if((err = libssh2_session_last_errno(sshc->ssh_session)) ==
+        if(libssh2_userauth_authenticated(sshc->ssh_session)) {
+          sshc->authed = TRUE;
+          infof(data, "SSH user accepted with no authentication\n");
+          state(conn, SSH_AUTH_DONE);
+          break;
+        }
+        else if((err = libssh2_session_last_errno(sshc->ssh_session)) ==
            LIBSSH2_ERROR_EAGAIN) {
           rc = LIBSSH2_ERROR_EAGAIN;
           break;
author	Tyler Hall <tylerwhall@gmail.com>	2013-10-14 22:24:17 +0200
committer	Daniel Stenberg <daniel@haxx.se>	2013-10-15 20:53:09 +0200
commit	0218a737fe7b8f47d07d815e4b75648078ddc5d2 (patch)
tree	0d91156649ae83538256313b7b21c82be5f0de93 /lib/ssh.c
parent	18ca0aa9842d3fb6e0740515df7b5960fab4408e (diff)