openssh bugs - Apr 2022 - [Bug 3425] New: sshauthopt_new() call in auth_restrict_session in auth.c has no NULL check

https://bugzilla.mindrot.org/show_bug.cgi?id=3425

            Bug ID: 3425
           Summary: sshauthopt_new() call in auth_restrict_session in
                    auth.c has no NULL check
           Product: Portable OpenSSH
           Version: v9.0p1
          Hardware: Other
                OS: Windows 11
            Status: NEW
          Severity: normal
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: tessgauthier at microsoft.com

sshauthopt_net() is an unguarded null returned reference:

void
auth_restrict_session(struct ssh *ssh)
{
        struct sshauthopt *restricted;

        debug_f("restricting session");

        /* A blank sshauthopt defaults to permitting nothing */
        restricted = sshauthopt_new();
        restricted->permit_pty_flag = 1;
        restricted->restricted = 1;

        if (auth_activate_options(ssh, restricted) != 0)
                fatal_f("failed to restrict session");
        sshauthopt_free(restricted);
}

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3425

Darren Tucker <dtucker at dtucker.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |3418
                 CC|                            |dtucker at dtucker.net


Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=3418
[Bug 3418] tracking bug for openssh-9.1
-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3425

Darren Tucker <dtucker at dtucker.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #1 from Darren Tucker <dtucker at dtucker.net> ---
Applied, thanks:
https://github.com/openssh/openssh-portable/commit/67b7c784769c74fd4d6b147d91e17e1ac1a8a96d

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3425

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #2 from Damien Miller <djm at mindrot.org> ---
Closing bugs from openssh-9.1 release cycle

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.