From f251b48a367af9b1bc0033a9625b4ca8901fe9de Mon Sep 17 00:00:00 2001 From: Thomas Date: Fri, 21 Nov 2025 15:44:02 +0100 Subject: [PATCH 1/2] Fix call to ssh2_auth_pubkey_file() without password Patch taken from https://bugs.php.net/patch-display.php?bug=79702&patch=ssh2_fix_nullpointer_deref.patch&revision=1617965812 by thomas at shadowweb dot org Resolves: https://bugs.php.net/bug.php?id=79702 --- ssh2.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ssh2.c b/ssh2.c index e6fe36a..e831967 100644 --- a/ssh2.c +++ b/ssh2.c @@ -653,7 +653,7 @@ PHP_FUNCTION(ssh2_auth_pubkey_file) { LIBSSH2_SESSION *session; zval *zsession; - zend_string *username, *pubkey, *privkey, *passphrase; + zend_string *username, *pubkey, *privkey, *passphrase = NULL; #ifndef PHP_WIN32 zend_string *newpath; struct passwd *pws; @@ -689,7 +689,7 @@ PHP_FUNCTION(ssh2_auth_pubkey_file) #endif /* TODO: Support passphrase callback */ - if (libssh2_userauth_publickey_fromfile_ex(session, ZSTR_VAL(username), ZSTR_LEN(username), ZSTR_VAL(pubkey), ZSTR_VAL(privkey), ZSTR_VAL(passphrase))) { + if (libssh2_userauth_publickey_fromfile_ex(session, ZSTR_VAL(username), ZSTR_LEN(username), ZSTR_VAL(pubkey), ZSTR_VAL(privkey), passphrase ? ZSTR_VAL(passphrase) : NULL)) { char *buf; int len; libssh2_session_last_error(session, &buf, &len, 0); From c6331adb2bc2a3bcd63f82e5e77a57c8f1ef4897 Mon Sep 17 00:00:00 2001 From: Christian Weiske Date: Fri, 21 Nov 2025 16:18:08 +0100 Subject: [PATCH 2/2] Fix call to ssh2_auth_pubkey() without password Port of the previous fix for ssh2_auth_pubkey_file() to the passwordless function introduced after that patch. Related: https://bugs.php.net/bug.php?id=79702 --- ssh2.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ssh2.c b/ssh2.c index e831967..bc21083 100644 --- a/ssh2.c +++ b/ssh2.c @@ -709,7 +709,7 @@ PHP_FUNCTION(ssh2_auth_pubkey) { LIBSSH2_SESSION *session; zval *zsession; - zend_string *username, *pubkey, *privkey, *passphrase; + zend_string *username, *pubkey, *privkey, *passphrase = NULL; if (zend_parse_parameters(ZEND_NUM_ARGS(), "rSSS|S", &zsession, &username, &pubkey, &privkey, &passphrase) == FAILURE) { return; @@ -717,7 +717,7 @@ PHP_FUNCTION(ssh2_auth_pubkey) SSH2_FETCH_NONAUTHENTICATED_SESSION(session, zsession); - if (libssh2_userauth_publickey_frommemory(session, ZSTR_VAL(username), ZSTR_LEN(username), ZSTR_VAL(pubkey), ZSTR_LEN(pubkey), ZSTR_VAL(privkey), ZSTR_LEN(privkey), ZSTR_VAL(passphrase))) { + if (libssh2_userauth_publickey_frommemory(session, ZSTR_VAL(username), ZSTR_LEN(username), ZSTR_VAL(pubkey), ZSTR_LEN(pubkey), ZSTR_VAL(privkey), ZSTR_LEN(privkey), passphrase ? ZSTR_VAL(passphrase) : NULL)) { char *buf; int len; libssh2_session_last_error(session, &buf, &len, 0);