[FFmpeg-devel] [PATCH] avformat/libssh: check the user provided a password before trying to use it
James Almer
jamrial at gmail.com
Thu Jan 11 15:52:22 EET 2018
On 1/11/2018 8:05 AM, James Cowgill wrote:
> Hi,
>
> On 11/06/17 18:47, jamrial at gmail.com (James Almer) wrote:
>> Fixes ticket #6413
>>
>> Signed-off-by: James Almer <jamrial at gmail.com>
>> ---
>> The public key authentication also tries to use the password variable. I
>> don't know if NULL is valid in that case or not.
>> Perhaps for that one it would be better to replace the current usage of
>> legacy API instead.
>>
>> libavformat/libssh.c | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>
> Please can this patch be applied to the stable branches. Someone using
> Debian stable (3.2.9) reported it:
> https://bugs.debian.org/886912
>
> Commit 8ddb6820bd52df6ed616abc3d8be200b126aa8c1 applied to 3.4.
>
> Thanks,
> James
Pushed to the most recent branches. It should be part of 3.2.10
>
>> diff --git a/libavformat/libssh.c b/libavformat/libssh.c
>> index 49e92e7516..9e3d4da45e 100644
>> --- a/libavformat/libssh.c
>> +++ b/libavformat/libssh.c
>> @@ -103,7 +103,7 @@ static av_cold int libssh_authentication(LIBSSHContext *libssh, const char *user
>> }
>> }
>>
>> - if (!authorized && (auth_methods & SSH_AUTH_METHOD_PASSWORD)) {
>> + if (!authorized && password && (auth_methods & SSH_AUTH_METHOD_PASSWORD)) {
>> if (ssh_userauth_password(libssh->session, NULL, password) == SSH_AUTH_SUCCESS) {
>> av_log(libssh, AV_LOG_DEBUG, "Authentication successful with password.\n");
>> authorized = 1;
>>
>
>
More information about the ffmpeg-devel
mailing list