Fix

Author: yosuke-wolfssl

src/internal.c

@@ -8346,7 +8346,7 @@ static int DoUserAuthRequest(WOLFSSH* ssh,
     word32 begin;
     int ret = WS_SUCCESS;
     byte authNameId = ID_UNKNOWN;
-    byte serviceValid = 1;
+    int serviceValid = 1;
     WS_UserAuthData authData;
 
     WLOG(WS_LOG_DEBUG, "Entering DoUserAuthRequest()");

tests/unit.c

@@ -1435,7 +1435,8 @@ static int test_DoUserAuthRequest_serviceName(void)
         /* service name */
         buf[len++] = (byte)(snsz >> 24); buf[len++] = (byte)(snsz >> 16);
         buf[len++] = (byte)(snsz >>  8); buf[len++] = (byte)snsz;
-        WMEMCPY(buf + len, cases[i].svcName, snsz); len += snsz;
+        if (snsz > 0) { WMEMCPY(buf + len, cases[i].svcName, snsz); }
+        len += snsz;
 
         /* auth method: omit for invalid-service cases to prove short-circuit */
         if (cases[i].authMethod != NULL) {
@@ -1488,6 +1489,14 @@ static int test_DoUserAuthRequest_serviceName(void)
             goto done;
         }
 
+        /* Invalid-service cases must NOT record the username. */
+        if (cases[i].authMethod == NULL && ssh->userName != NULL) {
+            printf("DoUserAuthRequest_svcName[%s]: userName set on invalid "
+                   "service (expected NULL)\n", cases[i].label);
+            result = -530 - i;
+            goto done;
+        }
+
         wolfSSH_free(ssh);
         ssh = NULL;
     }