From: Michal Privoznik <[email protected]>
Simirarly to virAuthGetUsernamePath() check whether callback used
to collect credentials is actually set before calling it. This
bug is easily reproducible, for instance as:
int credtype[] = { VIR_CRED_PASSPHRASE };
virConnectPtr conn = virConnectOpenAuth("esx://[email protected]/",
&(virConnectAuth){
.credtype = credtype,
.ncredtype = 1,
.cb = NULL
},
0);
Signed-off-by: Michal Privoznik <[email protected]>
---
src/util/virauth.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/util/virauth.c b/src/util/virauth.c
index fd4b13de7a..2820220897 100644
--- a/src/util/virauth.c
+++ b/src/util/virauth.c
@@ -229,6 +229,12 @@ virAuthGetPasswordPath(const char *path,
return NULL;
}
+ if (!auth->cb) {
+ virReportError(VIR_ERR_INVALID_ARG, "%s",
+ _("Missing authentication callback"));
+ return NULL;
+ }
+
prompt = g_strdup_printf(_("Enter %1$s's password for %2$s"), username,
hostname);
if (!(cred = virAuthAskCredential(auth, prompt, false)))
--
2.53.0
