[Bug 902] get_remote_port() can kill sshd in auth_log()

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Wed Jul 21 09:09:22 EST 2004


http://bugzilla.mindrot.org/show_bug.cgi?id=902

           Summary: get_remote_port() can kill sshd in auth_log()
           Product: Portable OpenSSH
           Version: 3.8.1p1
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: sshd
        AssignedTo: openssh-bugs at mindrot.org
        ReportedBy: peak at argo.troja.mff.cuni.cz


The daemon calls get_remote_port() in auth_log(). If the client closes the
connection between the authentication failure and the invocation of auth_log()
(e.g. during PAM-enforced post-failure delay) then getpeername() fails (the
socket is not connected any longer), get_sock_port() kills the daemon (almost
silently only a debugging message!), and auth_log() is never finished.

One possible fix is to make get_remote_port() cache information in the same way
it is cached by get_remote_ipaddr().



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.




More information about the openssh-bugs mailing list