Keyboard Interactive bug fixes

* `keyboardAuthCb` was not initalized correctly, meaning we could enable the mode without callback. * `SendUserAuthKeyboardRequest` didn't check `keyboardAuthCb` for `NULL`. * `DoUserAuthInfoResponse` left `authData` partially uninitialized. * `DoUserAuthInfoResponse` new checks that KB auth is in progress.
2025-05-06 09:44:06 +01:00 · 2025-05-06 09:44:06 +01:00 · 3e4d9c0b95
parent ee9bc3b6fd
commit 3e4d9c0b95
2 changed files with 22 additions and 1 deletions
--- a/src/internal.c
+++ b/src/internal.c
@ -872,6 +872,9 @@ WOLFSSH_CTX* CtxInit(WOLFSSH_CTX* ctx, byte side, void* heap)
    ctx->algoListCipher = cannedEncAlgoNames;
    ctx->algoListMac = cannedMacAlgoNames;
    ctx->algoListKeyAccepted = cannedKeyAlgoNames;
+#ifdef WOLFSSH_KEYBOARD_INTERACTIVE
+    ctx->keyboardAuthCb = NULL;
+#endif

    count = (word32)(sizeof(ctx->privateKey)
            / sizeof(ctx->privateKey[0]));
@ -6421,11 +6424,16 @@ static int DoUserAuthInfoResponse(WOLFSSH* ssh,


    if (ssh == NULL || buf == NULL || len == 0 || idx == NULL) {
-
        ret = WS_BAD_ARGUMENT;
    }

+    if ((ret == WS_SUCCESS) && (ssh->authId != ID_USERAUTH_KEYBOARD)) {
+        WLOG(WS_LOG_DEBUG, "DoUserAuthInfoResponse on non-keyboard auth");
+        ret = WS_FATAL_ERROR;
+    }
+
    if (ret == WS_SUCCESS) {
+        WMEMSET(&authData, 0, sizeof(authData));
        begin = *idx;
        kb = &authData.sf.keyboard;
        authData.type = WOLFSSH_USERAUTH_KEYBOARD;
@ -7784,6 +7792,7 @@ static int DoUserAuthRequest(WOLFSSH* ssh,
        authData.authName = buf + begin;
        begin += authData.authNameSz;
        authNameId = NameToId((char*)authData.authName, authData.authNameSz);
+        ssh->authId = authNameId;

        if (authNameId == ID_USERAUTH_PASSWORD)
            ret = DoUserAuthRequestPassword(ssh, &authData, buf, len, &begin);
@ -8044,6 +8053,8 @@ static int DoUserAuthInfoRequest(WOLFSSH* ssh, byte* buf, word32 len,
        ret = SendUserAuthKeyboardResponse(ssh);
    }

+    ssh->authId = ID_USERAUTH_KEYBOARD;
+
    WLOG(WS_LOG_DEBUG, "Leaving DoUserAuthInfoRequest(), ret = %d", ret);

    return ret;
@ -13348,6 +13359,11 @@ int SendUserAuthKeyboardRequest(WOLFSSH* ssh, WS_UserAuthData* authData)
        ret = WS_BAD_ARGUMENT;
    }

+    if (ssh->ctx->keyboardAuthCb == NULL) {
+        WLOG(WS_LOG_DEBUG, "SendUserAuthKeyboardRequest called with no Cb set");
+        ret = WS_BAD_USAGE;
+    }
+
    if (ret == WS_SUCCESS) {
        ret = ssh->ctx->keyboardAuthCb(&authData->sf.keyboard,
                                       ssh->keyboardAuthCtx);
--- a/tests/auth.c
+++ b/tests/auth.c
@ -586,6 +586,11 @@ int wolfSSH_AuthTest(int argc, char** argv)
    defined(NO_FILESYSTEM) || !defined(WOLFSSH_KEYBOARD_INTERACTIVE)
    return 77;
 #else
+
+#if defined(DEBUG_WOLFSSH)
+    wolfSSH_Debugging_ON();
+#endif
+
    AssertIntEQ(wolfSSH_Init(), WS_SUCCESS);

    #if defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,2)