Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

x/crypto/ssh: Possible to pass nil publicKeyCallback signer #20441

Closed
krisnova opened this issue May 20, 2017 · 2 comments
Closed

x/crypto/ssh: Possible to pass nil publicKeyCallback signer #20441

krisnova opened this issue May 20, 2017 · 2 comments
Labels
FrozenDueToAge
Milestone
Unreleased

Comments

@krisnova
Copy link

krisnova commented May 20, 2017
edited

Go Version

1.8.1 stable

kris-nova:crypto kris$ go version
go version go1.8 darwin/amd64

Environment

Darwin AMD64

What did you do?

While attempting to authenticate with x/crypto/ssh I was able to return an empty slice of ssh.Signers. My code compiled, but upon running recieved a nil pointer dereference as one would expect.

import "golang.org/x/crypto/ssh"
//snip
	publicKeyCallback := func() ([]cssh.Signer, error) {
		var signers []cssh.Signer
		return signers, nil
	})

Expected

I would have expected the library to behave in the same way the open-ssh and other SSH tools handle signing attempts, which is to try attempts in the hopes that one will eventually succeed. I think this is the intent of the library given the note here.

In this exact case, we would have no signing methods to try, and the authentication would immediately run out of possible methods to attempt. Thus returning an error like:

ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

Actual

nil pointer dereference 😞

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x139851a]

goroutine 1 [running]:
github.com/kris-nova/klone/vendor/golang.org/x/crypto/ssh.publicKeyCallback.auth(0x0, 0xc42017cc40, 0x20, 0x20, 0x0, 0x0, 0x1853260, 0xc420441080, 0x184cda0, 0xc420019500, ...)
	/go/src/github.com/kris-nova/klone/vendor/golang.org/x/crypto/ssh/client_auth.go:187 +0x3a
@gopherbot gopherbot added this to the Unreleased milestone May 20, 2017
@vcabbage
Copy link
Member

To clarify, is there a problem with the callback returning a nil slice or with the callback function itself being nil? From the traceback it looks like the callback function is nil. Is the expectation that passing a nil callback would be treated as though it is returning a nil slice of ssh.Signer?

@hanwen
Copy link
Contributor

hanwen commented Jun 7, 2017

we just loop over the return value, https://go.googlesource.com/crypto/+/e1a4589e7d3ea14a3352255d04b6f1a418845e5e/ssh/client_auth.go#192

looks you forgot to set the callback?
https://go.googlesource.com/crypto/+/e1a4589e7d3ea14a3352255d04b6f1a418845e5e/ssh/client_auth.go#187

If not, can you provide a complete example that we could reproduce?

@hanwen hanwen closed this as completed Jun 19, 2017
@golang golang locked and limited conversation to collaborators Jun 19, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge
Projects
None yet
Milestone
Unreleased
Development

No branches or pull requests
4 participants
@hanwen @gopherbot @vcabbage @krisnova