https://bugzilla.mindrot.org/show_bug.cgi?id=3425
Bug ID: 3425 Summary: sshauthopt_new() call in auth_restrict_session in auth.c has no NULL check Product: Portable OpenSSH Version: v9.0p1 Hardware: Other OS: Windows 11 Status: NEW Severity: normal Priority: P5 Component: sshd Assignee: unassigned-b...@mindrot.org Reporter: tessgauth...@microsoft.com sshauthopt_net() is an unguarded null returned reference: void auth_restrict_session(struct ssh *ssh) { struct sshauthopt *restricted; debug_f("restricting session"); /* A blank sshauthopt defaults to permitting nothing */ restricted = sshauthopt_new(); restricted->permit_pty_flag = 1; restricted->restricted = 1; if (auth_activate_options(ssh, restricted) != 0) fatal_f("failed to restrict session"); sshauthopt_free(restricted); } -- You are receiving this mail because: You are watching the assignee of the bug. _______________________________________________ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs