[FFmpeg-devel] [PATCH] avformat/libssh: check the user provided a password before trying to use it

James Almer Sun, 11 Jun 2017 10:57:57 -0700

Fixes ticket #6413

Signed-off-by: James Almer <jamr...@gmail.com>
---
The public key authentication also tries to use the password variable. I
don't know if NULL is valid in that case or not.
Perhaps for that one it would be better to replace the current usage of
legacy API instead.


 libavformat/libssh.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/libssh.c b/libavformat/libssh.c
index 49e92e7516..9e3d4da45e 100644
--- a/libavformat/libssh.c
+++ b/libavformat/libssh.c
@@ -103,7 +103,7 @@ static av_cold int libssh_authentication(LIBSSHContext 
*libssh, const char *user
         }
     }
 
-    if (!authorized && (auth_methods & SSH_AUTH_METHOD_PASSWORD)) {
+    if (!authorized && password && (auth_methods & SSH_AUTH_METHOD_PASSWORD)) {
         if (ssh_userauth_password(libssh->session, NULL, password) == 
SSH_AUTH_SUCCESS) {
             av_log(libssh, AV_LOG_DEBUG, "Authentication successful with 
password.\n");
             authorized = 1;
-- 
2.13.0

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel

[FFmpeg-devel] [PATCH] avformat/libssh: check the user provided a password before trying to use it

Reply via email to