[Bug 3008] New: pam_putenv used regardless of whether or not it is available

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Tue May 14 08:00:18 AEST 2019


https://bugzilla.mindrot.org/show_bug.cgi?id=3008

            Bug ID: 3008
           Summary: pam_putenv used regardless of whether or not it is
                    available
           Product: Portable OpenSSH
           Version: 8.0p1
          Hardware: HPPA
                OS: HP-UX
            Status: NEW
          Severity: normal
          Priority: P5
         Component: PAM support
          Assignee: unassigned-bugs at mindrot.org
          Reporter: bugs-openssh at vendor.thewrittenword.com

configure.ac has:
                        AC_CHECK_FUNCS([pam_putenv])

yet auth-pam.c uses pam_putenv regardless:
        if (sshpam_rhost != NULL) {
                debug("PAM: setting PAM_RHOST to \"%s\"",
sshpam_rhost);
                sshpam_err = pam_set_item(sshpam_handle, PAM_RHOST,
                    sshpam_rhost);
                if (sshpam_err != PAM_SUCCESS) {
                        pam_end(sshpam_handle, sshpam_err);
                        sshpam_handle = NULL;
                        return (-1);
                }
                /* Put SSH_CONNECTION in the PAM environment too */
                pam_putenv(sshpam_handle, sshpam_conninfo);
        }

This is despite earlier uses of pam_putenv being wrapped with #ifdef
HAVE_PAM_PUTENV:
#ifdef HAVE_PAM_PUTENV
                /* Errors are not fatal here */
                if ((r = pam_putenv(sshpam_handle, env)) !=
PAM_SUCCESS) {
                        error("PAM: pam_putenv: %s",
                            pam_strerror(sshpam_handle, r));
                }
#endif

-- 
You are receiving this mail because:
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list