auth: Fix out-of-bounds check in ssh_userauth_kbdint_getprompt()

Review changes
Open in Workspace
Download
Patches
Plain diff

auth: Fix out-of-bounds check in ssh_userauth_kbdint_getprompt()

Arman Alirequested to merge

arman-ali07/libssh-mirror:fix-kbdint-oob into master Feb 25, 2026

Overview 3
Commits 1
Pipelines 2
Reports 3
Changes 1

Fix out-of-bounds access in ssh_userauth_kbdint_getprompt().

The function previously checked: if (i > session->kbdint->nprompts)

This allowed i == nprompts, which could lead to out-of-bounds access to prompts[i] and echo[i].

The condition has been corrected to: if (i >= session->kbdint->nprompts)

This prevents invalid memory access.

Checklist

Commits have Signed-off-by: with name/author being identical to the commit author
Code modified for feature
Test suite updated with functionality tests
Test suite updated with negative tests
Documentation updated
The project pipelines timeout is extended at least to 2 hours.

Reviewer's checklist:

Any issues marked for closing are addressed
There is a test suite reasonably covering new functionality or modifications
Function naming, parameters, return values, types, etc., are consistent and according to CONTRIBUTING.md
This feature/change has adequate documentation added
No obvious mistakes in the code

Merge request reports

Assignee Loading

Reviewers Loading

Request review from

Loading

Time tracking Loading

Loading