[Bug 1322] pam_end() is not called if authentication fails, which breaks pam-abl

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Thu Jul 12 01:17:45 EST 2007


http://bugzilla.mindrot.org/show_bug.cgi?id=1322


Sandro Wefel <sandro.wefel at informatik.uni-halle.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |sandro.wefel at informatik.uni-
                   |                            |halle.de




--- Comment #7 from Sandro Wefel <sandro.wefel at informatik.uni-halle.de>  2007-07-12 01:17:41 ---
Please have a look at the attached patch (id=1325).

The idea is to call sshpam_cleanup() if authctxt->authenticated is not
set before the KRB5 and GSSAPI blocks. After the pam-call we just
return from the function do_cleanup(). This means that
krb5_cleanup_proc(authctxt) is not called with an invalid parameter but
the sshpam_cleanup() is done which leads to the pam_end call.

IMHO this should avoid the signal handler race condition CVE-2006-5051
in krb5_cleanup_proc but calls pam_end() if the user authentication
fails.


-- 
Configure bugmail: http://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.


More information about the openssh-bugs mailing list