fix: use userauth name length to check memory boundaries for userauth…

… name, fixes #653 (#654) File: userauth.c Notes: Fixes `userauth_kybd_auth_name_len` length check Co-authored-by: Xaver Lopenstedt <xaver@lopenstedt.de>
libssh2 · Jan 5, 2022 · 967792c · 967792c
1 parent 552e20d
commit 967792c
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/userauth.c b/src/userauth.c
@@ -1794,7 +1794,7 @@ userauth_keyboard_interactive(LIBSSH2_SESSION * session,
                                    "request field");
                     goto cleanup;
                 }
-                if(s + session->userauth_list_data_len <=
+                if(s + session->userauth_kybd_auth_name_len <=
                    session->userauth_kybd_data +
                    session->userauth_kybd_data_len) {
                     memcpy(session->userauth_kybd_auth_name, s,