[FFmpeg-devel] [PATCH] avformat/libssh: check the user provided a password before trying to use it

James Cowgill jcowgill at debian.org
Thu Jan 11 13:05:01 EET 2018


Hi,

On 11/06/17 18:47, jamrial at gmail.com (James Almer) wrote:
> Fixes ticket #6413
> 
> Signed-off-by: James Almer <jamrial at gmail.com>
> ---
> The public key authentication also tries to use the password variable. I
> don't know if NULL is valid in that case or not.
> Perhaps for that one it would be better to replace the current usage of
> legacy API instead.
> 
>  libavformat/libssh.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 

Please can this patch be applied to the stable branches. Someone using
Debian stable (3.2.9) reported it:
https://bugs.debian.org/886912

Commit 8ddb6820bd52df6ed616abc3d8be200b126aa8c1 applied to 3.4.

Thanks,
James

> diff --git a/libavformat/libssh.c b/libavformat/libssh.c
> index 49e92e7516..9e3d4da45e 100644
> --- a/libavformat/libssh.c
> +++ b/libavformat/libssh.c
> @@ -103,7 +103,7 @@ static av_cold int libssh_authentication(LIBSSHContext *libssh, const char *user
>          }
>      }
>  
> -    if (!authorized && (auth_methods & SSH_AUTH_METHOD_PASSWORD)) {
> +    if (!authorized && password && (auth_methods & SSH_AUTH_METHOD_PASSWORD)) {
>          if (ssh_userauth_password(libssh->session, NULL, password) == SSH_AUTH_SUCCESS) {
>              av_log(libssh, AV_LOG_DEBUG, "Authentication successful with password.\n");
>              authorized = 1;
> 
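Review bot: With the new `password &&` guard on the `SSH_AUTH_METHOD_PASSWORD` condition, a missing password now skips this branch without any message, and nothing in this hunk tells the user that password authentication was offered but no password was supplied. Consider an `av_log` call for that case so the failure reason is visible. The patch notes also say the public key path uses the same `password` variable; that call is outside this hunk, so whether NULL is safe there remains open and should be settled separately.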

