Skip to content

fix: reject shell/exec request when Handler is nil instead of panic#258

Open
Yanhu007 wants to merge 1 commit intogliderlabs:masterfrom
Yanhu007:fix/nil-handler-panic
Open

fix: reject shell/exec request when Handler is nil instead of panic#258
Yanhu007 wants to merge 1 commit intogliderlabs:masterfrom
Yanhu007:fix/nil-handler-panic

Conversation

@Yanhu007
Copy link
Copy Markdown

@Yanhu007 Yanhu007 commented Apr 13, 2026

Fixes #237

Problem

When a server only defines SubsystemHandlers (e.g. for SFTP) without setting a session Handler, an SSH client sending a shell or exec request causes a nil pointer dereference panic:

panic: runtime error: invalid memory address or nil pointer dereference
goroutine N [running]:
github.com/gliderlabs/ssh.(*session).handleRequests.func1()
    session.go:261 +0x24

Line 261: sess.handler(sess) is called without checking if handler is nil.

Fix

Add a nil check before accepting the request. When handler is nil, reject the request with Reply(false, nil) and continue processing, matching the existing pattern used for subsystem handler nil checks.

Builds cleanly.

@Yanhu007
fix: reject shell/exec request when Handler is nil instead of panic
01bf72f 
When a server only defines SubsystemHandlers (e.g. SFTP) without
a session Handler, an SSH client sending a shell or exec request
causes a nil pointer dereference panic at session.go:261.

Add a nil check for sess.handler before accepting the request.
When nil, the request is rejected with Reply(false, nil) instead
of crashing.

Fixes gliderlabs#237
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Missing Handler causes panic

1 participant

@Yanhu007