From: Daniel Stenberg <daniel@haxx.se>
Date: Thu, 16 Apr 2026 08:09:59 +0000 (+0200)
Subject: libssh2: allocate libssh2-friendly memory in kbd_callback
X-Git-Tag: curl-8_20_0~108
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=7e450cb80a476b5f96e9c9da67e21ffebcc4b375;p=thirdparty%2Fcurl.git

libssh2: allocate libssh2-friendly memory in kbd_callback

The function libssh2_userauth_keyboard_interactive_ex() calls the
callback and is documented to call free() on the memory returned to
libssh2 from the callback. libcurl can therefore not use the regular
curlx_strdup() for this, as that is not compatible in debug builds or
when curl_global_init_mem() is used.

Fixes #21336
Closes #21338
---

diff --git a/lib/vssh/libssh2.c b/lib/vssh/libssh2.c
index e4d35bbdcf..4e2a72269f 100644
--- a/lib/vssh/libssh2.c
+++ b/lib/vssh/libssh2.c
@@ -148,7 +148,9 @@ static void kbd_callback(const char *name, int name_len,
 #endif /* CURL_LIBSSH2_DEBUG */
   if(num_prompts == 1) {
     struct connectdata *conn = data->conn;
-    responses[0].text = curlx_strdup(conn->passwd);
+    /* this function must allocate memory that can be freed by libssh2, which
+       uses the LIBSSH2_FREE_FUNC callback */
+    responses[0].text = Curl_cstrdup(conn->passwd);
     responses[0].length =
       responses[0].text == NULL ? 0 : curlx_uztoui(strlen(conn->passwd));
   }