Segfault in nc_accept when password is not defined #469

Closed
awesomenode opened this issue Mar 19, 2024 · 3 comments
Labels
is:bug Bug description. status:completed From the developer perspective, the issue was solved (bug fixed, question answered,...)

Comments

@awesomenode

Hi!

I've created a minimalistic netconf server using libnetconf2, and when
I tried to connect to it using ncclient, it threw a segfault.

Python commands:

```python
from ncclient import manager
session = manager.connect(host="0.0.0.0", port=10830, username="test",
                          password="test", hostkey_verify=False)
```

Server print:

```
[INF]: Listening on 0.0.0.0:10830 for SSH connections.
[INF]: Accepted a connection on 0.0.0.0:10830 from 127.0.0.1:47958.
[INF]: Received an SSH message "request-service" of subtype "ssh-userauth".
[INF]: Received an SSH message "request-auth" of subtype "password".

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7d5b5d5 in auth_password_compare_pwd (stored_pw=0x0, received_pw=0x555555753230 "test") at libnetconf2/src/session_server_ssh.c:422
422 if (!stored_pw[0]) {
(gdb) bt
#0 0x00007ffff7d5b5d5 in auth_password_compare_pwd (stored_pw=0x0, received_pw=0x555555753230 "test") at libnetconf2/src/session_server_ssh.c:422
#1 0x00007ffff7d5b771 in nc_sshcb_auth_password (session=0x555555682cc0, auth_client=0x55555567ff20, msg=0x555555749610) at libnetconf2/src/session_server_ssh.c:452
#2 0x00007ffff7d5dbd8 in nc_session_ssh_msg (session=0x555555682cc0, opts=0x555555684090, msg=0x555555749610, state=0x7fffffffdb78) at libnetconf2/src/session_server_ssh.c:1502
#3 0x00007ffff7d5e2af in nc_accept_ssh_session_auth (session=0x555555682cc0, opts=0x555555684090) at libnetconf2/src/session_server_ssh.c:1662
#4 0x00007ffff7d5e723 in nc_accept_ssh_session (session=0x555555682cc0, opts=0x555555684090, sock=-1, timeout=10000) at libnetconf2/src/session_server_ssh.c:1782
#5 0x00007ffff7d40d8a in nc_accept (timeout=0, ctx=0x555555575d30, session=0x7fffffffdca0) at libnetconf2/src/session_server.c:2303
#6 0x0000555555555beb in main () at nc_interactive.c:171
```

Password authentication is not allowed intentionally, so no password is
stored in libnetconf2.

It works with netopeer2-cli, because it correctly uses keyboard-interactive
authentication, but ncclient is a popular netconf client,
and throwing a segfault in this case is probably not intended.

I'm using the latest libnetconf2, and I've attached the code.
nc_interactive.zip

Thanks!

@Roytak
Collaborator

Roytak commented Mar 19, 2024

Hello, I investigated this a little bit and you are somewhat right.

> It works with netopeer2-cli, because it correctly uses keyboard-interactive
> authentication, but ncclient is a popular netconf client,
> and throwing a segfault in this case is probably not intended.

It works with netopeer2-cli because netopeer2-cli first requests the optional SSH none authentication method, which returns the user's supported authentication methods back to the client. Based on that, he knows that he cannot use the password method. Judging by the output you provided, ncclient doesn't do this, so I assume that ncclient rightfully thinks that at least the password method is supported (even though it should not be, because it was not configured for the user), and hence the segfault happens.

I think that a possible fix is to set the given user's supported authentication methods when the request-service message is received instead of doing it when the request-auth message is received, because, based on this issue, that is too late. Should be fixed later this week, and thank you for creating the issue.

@Roytak Roytak added the is:bug Bug description. label Mar 19, 2024
@Roytak Roytak added the status:completed From the developer perspective, the issue was solved (bug fixed, question answered,...) label Mar 21, 2024
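
The ordering proposed in the comment above, as an added sketch that is not libnetconf2 code and not part of the original thread: the user's allowed methods are fixed when the service request arrives, and an auth request for a method outside that set is rejected before any comparison runs. All type and function names are hypothetical, and the plaintext comparison is an assumption made to keep the sketch short.

```c
#include <stddef.h>
#include <string.h>

/* All names are hypothetical; this models the idea, it is not libnetconf2 code. */
enum { M_PASSWORD = 1, M_INTERACTIVE = 2 };
enum auth_result { AUTH_OK, AUTH_DENIED, AUTH_METHOD_NOT_ALLOWED };
struct user_cfg { const char *name; const char *stored_pw; int kb_interactive; };
struct auth_state { const struct user_cfg *user; unsigned allowed; };

/* Runs when "request-service"/"ssh-userauth" arrives, before any "request-auth". */
void on_service_request(struct auth_state *st, const struct user_cfg *u)
{
    st->user = u;
    st->allowed = 0;
    if (u && u->stored_pw && u->stored_pw[0]) st->allowed |= M_PASSWORD;
    if (u && u->kb_interactive) st->allowed |= M_INTERACTIVE;
}

/* Never dereferences a missing password; a real server would verify a stored hash. */
int pw_equal(const char *stored, const char *received)
{
    if (!stored || !stored[0] || !received) return 0;
    size_t ls = strlen(stored), lr = strlen(received);
    unsigned char diff = (unsigned char)(ls != lr);
    for (size_t i = 0; i < lr; i++)          /* no early exit on first mismatch */
        diff |= (unsigned char)(received[i] ^ stored[i % ls]);
    return diff == 0;
}

/* Runs on "request-auth": the method must be in the set fixed earlier. */
enum auth_result on_auth_request(const struct auth_state *st, unsigned method, const char *secret)
{
    if (!st->user || !(st->allowed & method)) return AUTH_METHOD_NOT_ALLOWED;
    if (method == M_PASSWORD)
        return pw_equal(st->user->stored_pw, secret) ? AUTH_OK : AUTH_DENIED;
    return AUTH_DENIED;                      /* other methods are not modelled */
}

enum auth_result try_password(const struct user_cfg *u, const char *pw)
{
    struct auth_state st;
    on_service_request(&st, u);
    return on_auth_request(&st, M_PASSWORD, pw);
}

int main(void)
{
    struct user_cfg no_pw = { "test", NULL, 1 };  /* constructed: the issue's setup */
    return try_password(&no_pw, "test") == AUTH_METHOD_NOT_ALLOWED ? 0 : 1;
}
```
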
@burnCalories

Oh my, I've encountered the same issue. I installed Netopeer2 as the NETCONF server and then used ncclient as the client to connect. Have you found a solution yet?

@michalvasko
Member

If you use the current devel branch, it should not crash.
