From 1b026ddd4403f4d750d6537d76d955981fff2671 Mon Sep 17 00:00:00 2001 From: Craig Dods Date: Fri, 6 Sep 2024 13:51:53 -0400 Subject: [PATCH] session: Handle invalid strings in keyboard prompt If we are given no prompts, there is no reason to continue. If we are given no instruction or username string, I've opted to use an empty string instead, though this can be argued to be incorrect. Fixes #326 --- src/session.rs | 25 +++++++++++++++++++------ 1 file changed, 19 insertions(+), 6 deletions(-) diff --git a/src/session.rs b/src/session.rs index 7b9fe021..5bea88a8 100644 --- a/src/session.rs +++ b/src/session.rs @@ -386,16 +386,29 @@ impl Session { // There's not much to be done with them though because the // signature of the callback doesn't allow reporting an error. let _ = catch_unwind(AssertUnwindSafe(|| { + if prompts.is_null() || responses.is_null() || num_prompts < 0 { + return; + } + let prompter = unsafe { &mut **(abstrakt as *mut *mut P) }; - let username = - unsafe { slice::from_raw_parts(username as *const u8, username_len as usize) }; - let username = String::from_utf8_lossy(username); + let username = if !username.is_null() && username_len >= 0 { + let username = unsafe { + slice::from_raw_parts(username as *const u8, username_len as usize) + }; + String::from_utf8_lossy(username) + } else { + Cow::Borrowed("") + }; - let instruction = unsafe { - slice::from_raw_parts(instruction as *const u8, instruction_len as usize) + let instruction = if !instruction.is_null() && instruction_len >= 0 { + let instruction = unsafe { + slice::from_raw_parts(instruction as *const u8, instruction_len as usize) + }; + String::from_utf8_lossy(instruction) + } else { + Cow::Borrowed("") }; - let instruction = String::from_utf8_lossy(instruction); let prompts = unsafe { slice::from_raw_parts(prompts, num_prompts as usize) }; let responses =