Mailing List Archive

[Colin Watson <cjw44@cam.ac.uk>] Bug#49902: [PATCH] Bug#49902: ssh and pam conspire to deny logins
Hi,

Here's a helpful patch from one of our (Debian's) users.

I'd guess that the similar if/xfree a few lines above in the #if PAM
section could do with the same treatment.

Cheers, Phil.

--[[message/rfc822]]
Date: Sat, 29 Jan 2000 11:11:32 +0000
From: Colin Watson <cjw44@cam.ac.uk>
To: 49902@bugs.debian.org

[Bug was that when sshing one's password is denied, apparently by PAM.]

Firstly, moving (or linking) /etc/pam.d/ssh to /etc/pam.d/sshd as
suggested doesn't help me; I still get:

[cjw44@quicksilver ~]$ ssh riva
cjw44@cjw44.trin.cam.ac.uk's password: [fx: types in correct password]
Connection closed by 131.111.193.196

This bug has an interesting interaction with identities. I only
experience this bug when sshing from an account with an identity file in
~/.ssh/identity to an account which is not set up to recognize that
identity. A temporary workaround is to specify an identity file which
isn't, as follows:

[cjw44@quicksilver ~]$ ssh -i /dev/null riva
cjw44@cjw44.trin.cam.ac.uk's password: [fx: types in correct password]
Last login: Sat Jan 29 09:14:17 2000 from quicksilver.trin.cam.ac.uk
[...]

Running sshd in debugging mode reveals that it segfaults after receiving
my password, but only if it had previously attempted to authenticate me
based on an identity file. MALLOC_CHECK_ was my friend! A patch (whose
purpose should be obvious) follows:

--- sshd.c.orig Sat Jan 29 11:00:50 2000
+++ sshd.c Sat Jan 29 11:01:29 2000
@@ -1414,8 +1414,10 @@
return;
}

- if (client_user != NULL)
+ if (client_user != NULL) {
xfree(client_user);
+ client_user = NULL;
+ }

if (attempt > AUTH_FAIL_MAX)
packet_disconnect(AUTH_FAIL_MSG, pw->pw_name);
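
Review bot: resetting `client_user` only at this one free site leaves any other `xfree(client_user)` in the function with the same dangling pointer; the covering note points at a similar if/xfree a few lines above in the `#if PAM` section, which this hunk does not touch. Apply the same `client_user = NULL;` there in the same patch, and add a one-line comment at the reset saying the pointer is tested again on a later authentication attempt, since nothing in the hunk records why the assignment is needed.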

This should close this bug and #54894 (which I don't believe would have
posed security problems), and with a bit of luck might yield more clues
to #51306 as well.

HTH,

--
Colin Watson [cjw44@cam.ac.uk]
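
Added example, not part of the original message or of the sshd source: a small C model of the failure described above, where a pointer freed at the end of one authentication attempt is freed again after the next attempt because it was never reset. The slot allocator, `run_auth_loop`, and the assumption that only some attempts assign `client_user` are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed allocator: fixed slots with a live flag, so a repeated free is
   counted here instead of corrupting the real heap. */
static struct slot { char name[32]; int live; } pool[4];
static int double_frees;

static char *tracked_strdup(const char *s)
{
    for (size_t i = 0; i < sizeof pool / sizeof pool[0]; i++)
        if (!pool[i].live) {
            pool[i].live = 1;
            snprintf(pool[i].name, sizeof pool[i].name, "%s", s);
            return pool[i].name;
        }
    return NULL;
}

static void tracked_free(char *p)
{
    struct slot *s = (struct slot *)p;   /* name is the first member */
    if (!s->live)
        double_frees++;                  /* slot was already released */
    s->live = 0;
}

/* Model of the loop: sets_user[i] != 0 means attempt i assigns client_user
   (assumption). Returns how many double frees occurred. */
int run_auth_loop(const int *sets_user, int n, int patched)
{
    char *client_user = NULL;
    double_frees = 0;
    memset(pool, 0, sizeof pool);
    for (int i = 0; i < n; i++) {
        if (sets_user[i])
            client_user = tracked_strdup("cjw44");
        if (client_user != NULL) {       /* cleanup after a failed attempt */
            tracked_free(client_user);
            if (patched)
                client_user = NULL;      /* the assignment the patch adds */
        }
    }
    return double_frees;
}

int main(void)
{
    const int a[] = { 1, 0 };  /* constructed: key attempt, then password */
    printf("unpatched: %d, patched: %d\n",
           run_auth_loop(a, 2, 0), run_auth_loop(a, 2, 1));
}
```

When every attempt reassigns the pointer, the unpatched loop reports no double free, which matches the report that the crash only appears after an earlier attempt of a different kind.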

