[Bug 2655] New: AuthorizedKeysCommand with large output can deadlock
bugzilla-daemon at bugzilla.mindrot.org
Fri Dec 30 17:42:56 AEDT 2016
https://bugzilla.mindrot.org/show_bug.cgi?id=2655
Bug ID: 2655
Summary: AuthorizedKeysCommand with large output can deadlock
Product: Portable OpenSSH
Version: 7.2p2
Hardware: All
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: sshd
Assignee: unassigned-bugs at mindrot.org
Reporter: jboning at gmail.com
If an AuthorizedKeysCommand produces a large amount of output, a
deadlock can result. The relevant code is in auth2-pubkey.c, beginning
at line 1041:

    if ((pid = subprocess("AuthorizedKeysCommand", pw, command,
        ac, av, &f)) == 0)
            goto out;
    uid_swapped = 1;
    temporarily_use_uid(pw);
    ok = check_authkeys_file(f, options.authorized_keys_command,
        key, pw);
    if (exited_cleanly(pid, "AuthorizedKeysCommand", command) != 0)
            goto out;

Upon finding the correct public key in the command's output, we
immediately wait() for the command to exit. However, the command may
continue to generate output; if the subsequent output is large enough
to fill up the pipe's buffer, the command will block on write() and
never exit, resulting in deadlock.
I believe adding "fclose(f); f = NULL;" after the check_authkeys_file()
call will fix this. (There was indeed an fclose() after the
check_authkeys_file() call prior to v1.50 of auth2-pubkey.c)
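The blocking behaviour described in the report, reduced to a pipe and a fork. This is an added example, not OpenSSH code and not part of the original report; child_exits() is a hypothetical name, and the 2 MiB output size and 1 s timeout are constructed values.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <string.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

/*
 * Parent reads one chunk from a chatty child ("key found"), then waits for
 * it. close_first != 0 closes the read end before waiting, which is the
 * change the report proposes. Returns 1 if the child exited within ~1 s,
 * 0 if it stayed blocked in write() and had to be killed, -1 on error.
 */
int child_exits(int close_first)
{
	struct timespec tick = { 0, 10 * 1000 * 1000 };	/* 10 ms */
	char buf[512];
	int p[2], i;
	pid_t pid;
	ssize_t n;

	if (pipe(p) < 0)
		return -1;
	if ((pid = fork()) < 0) {
		close(p[0]);
		close(p[1]);
		return -1;
	}
	if (pid == 0) {		/* constructed stand-in for the command */
		close(p[0]);	/* child must not hold the read end itself */
		memset(buf, 'k', sizeof(buf));
		for (i = 0; i < 4096; i++)	/* 2 MiB, far beyond a pipe buffer */
			if (write(p[1], buf, sizeof(buf)) < 0)
				_exit(1);	/* EPIPE, unless SIGPIPE killed us first */
		_exit(0);
	}
	close(p[1]);
	n = read(p[0], buf, sizeof(buf));
	if (close_first)
		close(p[0]);
	for (i = 0; i < 100 && waitpid(pid, NULL, WNOHANG) != pid; i++)
		nanosleep(&tick, NULL);
	if (i == 100) {		/* still stuck in write(): the deadlock */
		kill(pid, SIGKILL);
		waitpid(pid, NULL, 0);
	}
	if (!close_first)
		close(p[0]);
	return n > 0 ? i < 100 : -1;
}
```

child_exits(0) returns 0 because the writer fills the pipe and never exits while the parent waits; child_exits(1) returns 1 because closing the read end makes the writer's next write() fail.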