From 5c09d4655ac39b19d0d957bc68be56a1007150bc Mon Sep 17 00:00:00 2001
From: shunf4
Date: Sat, 16 Apr 2022 00:45:23 +0800
Subject: [PATCH 1/2] fix: prevent crash when result of SendMessage is 0

openssh 8.9 introduces feature "SSH agent restriction", which means protocol extension (SSH_AGENTC_EXTENSION) will be used (https://www.openssh.com/agent-restrict.html#limitations). When connecting to older pageant with openssh 8.9 client, the message with type SSH_AGENTC_EXTENSION can't be processed by pageant, thus SendMessage returns 0, in which case `psd` and `usersid` is likely to be freed twice in the code, causing crash. This commit fixes this.
---
 winpgntc.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/winpgntc.c b/winpgntc.c
index a244813..298bb03 100644
--- a/winpgntc.c
+++ b/winpgntc.c
@@ -107,14 +107,18 @@ agent_query(void *buf)
         UnmapViewOfFile(p);
         CloseHandle(filemap);
         LocalFree(psd);
+        psd = NULL;
         free(usersid);
-
+        usersid = NULL;
         if (id > 0)
             return;
     }
 
-    LocalFree(psd);
-    free(usersid);
+    if (psd)
+        LocalFree(psd);
+    if (usersid)
+        free(usersid);
+
 }
 
 static const char reply_error[5] = { 0, 0, 0, 1, SSH_AGENT_FAILURE };

From 5411ae059f8f35aa2fc24b4a14da6df9075ab8cf Mon Sep 17 00:00:00 2001
From: shunf4
Date: Thu, 28 Apr 2022 23:01:40 +0800
Subject: [PATCH 2/2] remove null checks for psd and usersid before freeing

---
 winpgntc.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/winpgntc.c b/winpgntc.c
index 298bb03..7ba0d90 100644
--- a/winpgntc.c
+++ b/winpgntc.c
@@ -114,10 +114,10 @@ agent_query(void *buf)
             return;
     }
 
-    if (psd)
-        LocalFree(psd);
-    if (usersid)
-        free(usersid);
+    /* LocalFree and free are fine with NULL, so null checks aren't
+     * necessary. */
+    LocalFree(psd);
+    free(usersid);
 
 }
 
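Review bot: The id == 0 path is now memory-safe but still returns silently: after the nulled frees, control falls through `if (id > 0) return;` to the end of agent_query with nothing visible written back to `buf`, so if the reply is only copied out of the mapping when id > 0 (that copy is outside the hunk), the caller is left with the original request bytes or stale data in `buf` and must fail closed — presumably with the SSH_AGENT_FAILURE reply defined right below — rather than treat them as an answer; worth confirming at the call site. Since a newer client's unsupported SSH_AGENTC_EXTENSION is what drives SendMessage to 0, this is an input-triggered crash of the agent proxy, so the new `psd = NULL;` / `usersid = NULL;` lines deserve a why-comment such as `/* SendMessage may return 0 (e.g. Pageant rejects the message type); null after freeing so the common cleanup below is a no-op rather than a double free */`. The added blank line before the closing `}` is stray whitespace. agent_query starts outside the hunk, so the allocation of psd/usersid and any copy-out of the reply are not visible here.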
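Review bot: The new comment says the NULL checks are unnecessary but not why `psd` and `usersid` can be NULL at this point, which is the invariant a later edit could silently break; suggest `/* psd/usersid are NULL here when the SendMessage block above already released them (id <= 0); LocalFree(NULL) and free(NULL) are both no-ops. */`. The claim itself is correct: Win32 documents that LocalFree ignores a NULL handle, and C guarantees free(NULL) is a no-op, so dropping the guards does not reintroduce the double free. The blank context line left between `free(usersid);` and the closing `}` is stray whitespace carried over from the previous commit. agent_query starts outside the hunk; the nulling assignments this cleanup now relies on are not visible here.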