[openssh-commits] [openssh] branch master updated: propagate PAM crashes to PerSourcePenalties

[git+noreply at mindrot.org]

This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

The following commit(s) were added to refs/heads/master by this push:
     new b0033140 propagate PAM crashes to PerSourcePenalties
b0033140 is described below

commit b00331402fe5c60d577f3ffcc35e49286cdc6b47
Author: Damien Miller <djm at mindrot.org>
AuthorDate: Mon Jun 17 17:02:18 2024 +1000

    propagate PAM crashes to PerSourcePenalties
    
    If the PAM subprocess crashes, exit with a crash status that will be
    picked up by the sshd(8) listener process where it can be used by
    PerSourcePenalties to block the client. This is similar handling to
    the privsep preauth process.
---
 auth-pam.c | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/auth-pam.c b/auth-pam.c
index 2c1a8d3d..13c0a792 100644
--- a/auth-pam.c
+++ b/auth-pam.c
@@ -100,6 +100,7 @@
 #include "ssh-gss.h"
 #endif
 #include "monitor_wrap.h"
+#include "srclimit.h"
 
 extern ServerOptions options;
 extern struct sshbuf *loginmsg;
@@ -166,13 +167,13 @@ sshpam_sigchld_handler(int sig)
 			return;
 		}
 	}
-	if (WIFSIGNALED(sshpam_thread_status) &&
-	    WTERMSIG(sshpam_thread_status) == SIGTERM)
-		return;	/* terminated by pthread_cancel */
-	if (!WIFEXITED(sshpam_thread_status))
-		sigdie("PAM: authentication thread exited unexpectedly");
-	if (WEXITSTATUS(sshpam_thread_status) != 0)
-		sigdie("PAM: authentication thread exited uncleanly");
+	if (sshpam_thread_status == -1)
+		return;
+	if (WIFSIGNALED(sshpam_thread_status)) {
+		if (signal_is_crash(WTERMSIG(sshpam_thread_status)))
+			_exit(EXIT_CHILD_CRASH);
+	} else if (!WIFEXITED(sshpam_thread_status))
+		_exit(EXIT_CHILD_CRASH);
 }
 
 /* ARGSUSED */

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.