Fix crashes in libssh2_userauth_keyboard_interactive_ex()

These crashes occurred due to alignment issues between LabVIEW and libssh2_extensions. Fixed by addressing the alignment issues on the LabVIEW side: - `prompts` changed from U32 to U64 (pointer-sized integer) - padding added for `echo` so that the structure is correctly aligned. To address a heap corruption issue in LabVIEW, the implementation for the handler function was changed so that the `responses` handle is also provided to the callback function. The corresponding helper function `lvssh2_userauth_keyboard_interactive_add_response` was changed to use the provided `responses` handle and `index` to add the response. This was previously done with global variables that are no longer necessary. Side note: There is another issue related to heap corruption that isn't resolved by this commit. It does, however, not result in a crash and will be addressed in a future commit.
logmanoriginal · Sep 28, 2024 · 8256cd4 · 8256cd4
1 parent 718998a
commit 8256cd4
Show file tree

Hide file tree

Showing 9 changed files with 11 additions and 16 deletions.
diff --git a/extensions/lvssh2_extensions.cpp b/extensions/lvssh2_extensions.cpp
@@ -99,10 +99,8 @@ void lvssh2_userauth_keyboard_interactive_response_function(
 	payload->name = lv_name;
 	payload->instruction = lv_instruction;
 	payload->num_prompts = num_prompts;
-	payload->prompts = (LIBSSH2_USERAUTH_KBDINT_PROMPT*)prompts;
-
-	lvssh2_userauth_keyboard_interactive_response_return_value = responses;
-	lvssh2_userauth_keyboard_interactive_response_return_value_count = 0;
+	payload->prompts = prompts;
+	payload->responses = responses;
 
 	PostLVUserEvent(*lvssh2_userauth_keyboard_interactive_response_event, payload);
 
@@ -111,16 +109,14 @@ void lvssh2_userauth_keyboard_interactive_response_function(
 	DSDisposeHandle(lv_instruction);
 }
 
-void lvssh2_userauth_keyboard_interactive_add_response(const char* text, unsigned int text_len) {
-	LIBSSH2_USERAUTH_KBDINT_RESPONSE response = { 0 };
-
-	response.text = (char*)malloc(text_len);
-	memcpy(response.text, text, text_len);
+void lvssh2_userauth_keyboard_interactive_add_response(LIBSSH2_USERAUTH_KBDINT_RESPONSE* responses, int index, const char* text, unsigned int text_len) {
+	LIBSSH2_USERAUTH_KBDINT_RESPONSE* response = (LIBSSH2_USERAUTH_KBDINT_RESPONSE*)malloc(sizeof(LIBSSH2_USERAUTH_KBDINT_RESPONSE));
 
-	response.length = text_len;
+	response->text = (char*)malloc(text_len);
+	memcpy(response->text, text, text_len);
+	response->length = text_len;
 
-	lvssh2_userauth_keyboard_interactive_response_return_value[lvssh2_userauth_keyboard_interactive_response_return_value_count] = response;
-	lvssh2_userauth_keyboard_interactive_response_return_value_count++;
+	responses[index] = *response;
 }
 
 void data_buffer_to_LStrHandle(const char* data, size_t data_length, LStrHandle* string_handle_ptr) {

diff --git a/extensions/lvssh2_extensions.h b/extensions/lvssh2_extensions.h
@@ -38,14 +38,13 @@ typedef struct {
 	LStrHandle name;
 	LStrHandle instruction;
 	int num_prompts;
-	LIBSSH2_USERAUTH_KBDINT_PROMPT* prompts;
+	const LIBSSH2_USERAUTH_KBDINT_PROMPT* prompts;
+	LIBSSH2_USERAUTH_KBDINT_RESPONSE* responses;
 } lvssh2_userauth_keyboard_interactive_response_function_input_args;
 
 ssize_t lvssh2_session_callback_send_return_value = 0;
 ssize_t lvssh2_session_callback_recv_return_value = 0;
 LVUserEventRef* lvssh2_userauth_keyboard_interactive_response_event = { 0 };
-LIBSSH2_USERAUTH_KBDINT_RESPONSE* lvssh2_userauth_keyboard_interactive_response_return_value = { 0 };
-int lvssh2_userauth_keyboard_interactive_response_return_value_count = 0;
 
 lvssh2_userauth_publickey_sign_function_output_args lvssh2_userauth_publickey_sign_return_value = { 0 };
 
@@ -77,7 +76,7 @@ extern "C" __declspec(dllexport) void* get_lvssh2_session_callback_recv_function
 
 extern "C" __declspec(dllexport) void* get_lvssh2_userauth_keyboard_interactive_response_function() { return lvssh2_userauth_keyboard_interactive_response_function; }
 extern "C" __declspec(dllexport) void set_lvssh2_userauth_keyboard_interactive_response_callback(LVUserEventRef* event) { lvssh2_userauth_keyboard_interactive_response_event = event; }
-extern "C" __declspec(dllexport) void lvssh2_userauth_keyboard_interactive_add_response(const char* text, unsigned int text_len);
+extern "C" __declspec(dllexport) void lvssh2_userauth_keyboard_interactive_add_response(LIBSSH2_USERAUTH_KBDINT_RESPONSE* responses, int index, const char* text, unsigned int text_len);
 
 extern "C" __declspec(dllexport) void lvssh2_session_callback_send_function_return(ssize_t bytes_send);
 extern "C" __declspec(dllexport) void lvssh2_session_callback_recv_function_return(ssize_t bytes_received);

diff --git a/libssh2/libssh2_userauth_keyboard_interactive_ex.vi b/libssh2/libssh2_userauth_keyboard_interactive_ex.vi
diff --git a/libssh2/lvssh2_extensions.dll b/libssh2/lvssh2_extensions.dll
diff --git a/libssh2/lvssh2_extensions_64.dll b/libssh2/lvssh2_extensions_64.dll
diff --git a/libssh2/lvssh2_userauth_keyboard_interactive_response_function_handler_32.vi b/libssh2/lvssh2_userauth_keyboard_interactive_response_function_handler_32.vi
diff --git a/libssh2/lvssh2_userauth_keyboard_interactive_response_function_handler_64.vi b/libssh2/lvssh2_userauth_keyboard_interactive_response_function_handler_64.vi
diff --git a/libssh2/lvssh2_userauth_keyboard_interactive_response_function_input_args_32.ctl b/libssh2/lvssh2_userauth_keyboard_interactive_response_function_input_args_32.ctl
diff --git a/libssh2/lvssh2_userauth_keyboard_interactive_response_function_input_args_64.ctl b/libssh2/lvssh2_userauth_keyboard_interactive_response_function_input_args_64.ctl