Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

x/crypto/ssh: Possible to pass nil publicKeyCallback signer #20441

Closed
kris-nova opened this issue May 20, 2017 · 2 comments
Closed

x/crypto/ssh: Possible to pass nil publicKeyCallback signer #20441

kris-nova opened this issue May 20, 2017 · 2 comments
Milestone

Comments

@kris-nova
Copy link

@kris-nova kris-nova commented May 20, 2017

Go Version

1.8.1 stable

kris-nova:crypto kris$ go version
go version go1.8 darwin/amd64

Environment

Darwin AMD64

What did you do?

While attempting to authenticate with x/crypto/ssh I was able to return an empty slice of ssh.Signers. My code compiled, but upon running recieved a nil pointer dereference as one would expect.

import "golang.org/x/crypto/ssh"
//snip
	publicKeyCallback := func() ([]cssh.Signer, error) {
		var signers []cssh.Signer
		return signers, nil
	})

Expected

I would have expected the library to behave in the same way the open-ssh and other SSH tools handle signing attempts, which is to try attempts in the hopes that one will eventually succeed. I think this is the intent of the library given the note here.

In this exact case, we would have no signing methods to try, and the authentication would immediately run out of possible methods to attempt. Thus returning an error like:

ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

Actual

nil pointer dereference 😞

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x139851a]

goroutine 1 [running]:
github.com/kris-nova/klone/vendor/golang.org/x/crypto/ssh.publicKeyCallback.auth(0x0, 0xc42017cc40, 0x20, 0x20, 0x0, 0x0, 0x1853260, 0xc420441080, 0x184cda0, 0xc420019500, ...)
	/go/src/github.com/kris-nova/klone/vendor/golang.org/x/crypto/ssh/client_auth.go:187 +0x3a
@gopherbot gopherbot added this to the Unreleased milestone May 20, 2017
@vcabbage
Copy link
Member

@vcabbage vcabbage commented May 21, 2017

To clarify, is there a problem with the callback returning a nil slice or with the callback function itself being nil? From the traceback it looks like the callback function is nil. Is the expectation that passing a nil callback would be treated as though it is returning a nil slice of ssh.Signer?

@hanwen
Copy link
Contributor

@hanwen hanwen commented Jun 7, 2017

we just loop over the return value, https://go.googlesource.com/crypto/+/e1a4589e7d3ea14a3352255d04b6f1a418845e5e/ssh/client_auth.go#192

looks you forgot to set the callback?
https://go.googlesource.com/crypto/+/e1a4589e7d3ea14a3352255d04b6f1a418845e5e/ssh/client_auth.go#187

If not, can you provide a complete example that we could reproduce?

@hanwen hanwen closed this Jun 19, 2017
@golang golang locked and limited conversation to collaborators Jun 19, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
4 participants
You can’t perform that action at this time.