[Bug 749] Connection is dropped for invalid user

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Wed Oct 29 00:47:34 EST 2003


http://bugzilla.mindrot.org/show_bug.cgi?id=749

           Summary: Connection is dropped for invalid user
           Product: Portable OpenSSH
           Version: -current
          Platform: Alpha
        OS/Version: AIX
            Status: NEW
          Severity: normal
          Priority: P2
         Component: sshd
        AssignedTo: openssh-bugs at mindrot.org
        ReportedBy: Heinrich.Mislik at univie.ac.at


If connecting to a server with an illegal userid und an rsa1 key, the connection
is dropped immediatly. Normaly, a wrong username will stay in the auth_loop and
keep requesting authentication from the user. The reason is in auth-rsa.c in
line 293:

         /* no user given */
         if (pw == NULL)
               return 0;

Invalid users nolonger are passwd as NULL-pointers, a faked pw struct is used
instead. This results in a call to temporarily_use_uid(pw) with the faked pw
struct, which fails with fatal().

As a patch I tried 

         /* no user given */
         if (pw == fakepw())
                 return 0;
which worked, but maybe is not the best solution.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.




More information about the openssh-bugs mailing list