WiP KBI bug fixes

LinuxJedi · LinuxJedi · commit 2bf79c4f4705 · 2025-05-06T09:58:05.000+01:00
* `keyboardAuthCb` was not initalized correctly, meaning we could
  enable the mode without callback.
* `SendUserAuthKeyboardRequest` didn't check `keyboardAuthCb` for
  `NULL`.
* `DoUserAuthInfoResponse` left `authData` partially uninitialized.
* `DoUserAuthInfoResponse` new checks that KB auth is in progress.
diff --git a/src/internal.c b/src/internal.c
@@ -872,6 +872,7 @@ WOLFSSH_CTX* CtxInit(WOLFSSH_CTX* ctx, byte side, void* heap)
     ctx->algoListCipher = cannedEncAlgoNames;
     ctx->algoListMac = cannedMacAlgoNames;
     ctx->algoListKeyAccepted = cannedKeyAlgoNames;
+    ctx->keyboardAuthCb = NULL;
 
     count = (word32)(sizeof(ctx->privateKey)
             / sizeof(ctx->privateKey[0]));
@@ -6421,11 +6422,16 @@ static int DoUserAuthInfoResponse(WOLFSSH* ssh,
 
 
     if (ssh == NULL || buf == NULL || len == 0 || idx == NULL) {
-
         ret = WS_BAD_ARGUMENT;
     }
 
+    if ((ret == WS_SUCCESS) && (ssh->authId != ID_USERAUTH_KEYBOARD)) {
+        WLOG(WS_LOG_DEBUG, "DoUserAuthInfoResponse on non-keyboard auth");
+        ret = WS_FATAL_ERROR;
+    }
+
     if (ret == WS_SUCCESS) {
+        WMEMSET(&authData, 0, sizeof(authData));
         begin = *idx;
         kb = &authData.sf.keyboard;
         authData.type = WOLFSSH_USERAUTH_KEYBOARD;
@@ -7784,6 +7790,7 @@ static int DoUserAuthRequest(WOLFSSH* ssh,
         authData.authName = buf + begin;
         begin += authData.authNameSz;
         authNameId = NameToId((char*)authData.authName, authData.authNameSz);
+        ssh->authId = authNameId;
 
         if (authNameId == ID_USERAUTH_PASSWORD)
             ret = DoUserAuthRequestPassword(ssh, &authData, buf, len, &begin);
@@ -8044,6 +8051,8 @@ static int DoUserAuthInfoRequest(WOLFSSH* ssh, byte* buf, word32 len,
         ret = SendUserAuthKeyboardResponse(ssh);
     }
 
+    ssh->authId = ID_USERAUTH_KEYBOARD;
+
     WLOG(WS_LOG_DEBUG, "Leaving DoUserAuthInfoRequest(), ret = %d", ret);
 
     return ret;
@@ -13348,6 +13357,11 @@ int SendUserAuthKeyboardRequest(WOLFSSH* ssh, WS_UserAuthData* authData)
         ret = WS_BAD_ARGUMENT;
     }
 
+    if (ssh->ctx->keyboardAuthCb == NULL) {
+        WLOG(WS_LOG_DEBUG, "SendUserAuthKeyboardRequest called with no Cb set");
+        ret = WS_BAD_USAGE;
+    }
+
     if (ret == WS_SUCCESS) {
         ret = ssh->ctx->keyboardAuthCb(&authData->sf.keyboard,
                                        ssh->keyboardAuthCtx);
diff --git a/tests/auth.c b/tests/auth.c
@@ -586,6 +586,11 @@ int wolfSSH_AuthTest(int argc, char** argv)
     defined(NO_FILESYSTEM) || !defined(WOLFSSH_KEYBOARD_INTERACTIVE)
     return 77;
 #else
+
+#if defined(DEBUG_WOLFSSH)
+    wolfSSH_Debugging_ON();
+#endif
+
     AssertIntEQ(wolfSSH_Init(), WS_SUCCESS);
 
     #if defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,2)
