From f9946b37f9ca993d7534ccccb9bce79c828d619a Mon Sep 17 00:00:00 2001 From: Nick Craig-Wood Date: Fri, 13 Dec 2024 11:59:40 +0000 Subject: [PATCH] sftp: fix nil check when using auth proxy An incorrect nil check was spotted while reviewing the code for CVE-2024-45337. The nil check failing has never happened as far as we know. The consequences would be a nil pointer exception. --- cmd/serve/sftp/server.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/serve/sftp/server.go b/cmd/serve/sftp/server.go index 44bd28795..e41d8cee0 100644 --- a/cmd/serve/sftp/server.go +++ b/cmd/serve/sftp/server.go @@ -65,7 +65,7 @@ func (s *server) getVFS(what string, sshConn *ssh.ServerConn) (VFS *vfs.VFS) { if s.proxy == nil { return s.vfs } - if sshConn.Permissions == nil && sshConn.Permissions.Extensions == nil { + if sshConn.Permissions == nil || sshConn.Permissions.Extensions == nil { fs.Infof(what, "SSH Permissions Extensions not found") return nil }