From: Peter Krempa <pkrempa(a)redhat.com&gt; virGetPassword can return NULL on linux or BSD if it fails. The caller in virConnectAuthCallbackDefault does dereference it unconditionally. Return failure if virGetPassword returns NULL. Fixes: db72866310d1e520efa8ed2d4589bdb5e76a1c95 Closes: https://gitlab.com/libvirt/libvirt/-/issues/777 Signed-off-by: Peter Krempa <pkrempa(a)redhat.com&gt; --- src/libvirt.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/libvirt.c b/src/libvirt.c index 581fc6deea..375d3fa7ef 100644 --- a/src/libvirt.c +++ b/src/libvirt.c @@ -158,7 +158,9 @@ virConnectAuthCallbackDefault(virConnectCredentialPtr cred, if (fflush(stdout) != 0) return -1; - bufptr = virGetPassword(); + if (!(bufptr = virGetPassword())) + return -1; + if (STREQ(bufptr, "")) VIR_FREE(bufptr); break; -- 2.49.0