Serious Bug Report: OpenSSH

Damien Miller damien at ibs.com.au
Tue Dec 7 14:55:43 EST 1999


Adrian Baugh wrote:
> 
> Hi,
> I'm using the Linux port of OpenSSH 1.2-pre15.
> One of my users complained of not being able to log in using password
> authentication but being able to log in okay using RSA authentication.
> I set up the server in debug mode and got the following for RSA
> authentication (usernames, machine names and IPs obfuscated):

I think I have found the problem here. Does this patch help?

Damien
Index: sshd.c
===================================================================
RCS file: /var/cvs/openssh/sshd.c,v
retrieving revision 1.33
diff -u -r1.33 sshd.c
--- sshd.c	1999/12/04 09:24:48	1.33
+++ sshd.c	1999/12/07 03:55:18
@@ -1551,24 +1551,41 @@
 			get_remote_port(),
 			user);
 
-#ifdef HAVE_LIBPAM
-		do_pam_account_and_session(pw->pw_name, client_user);
+#ifndef HAVE_LIBPAM
+		if (authenticated)
+			return;
 
-		/* Clean up */
-		if (client_user != NULL)
-			xfree(client_user);
+		if (attempt > AUTH_FAIL_MAX)
+			packet_disconnect(AUTH_FAIL_MSG, pw->pw_name);
+#else /* HAVE_LIBPAM */
+		if (authenticated) {
+			do_pam_account_and_session(pw->pw_name, client_user);
 
-		if (password != NULL) {
-			memset(password, 0, strlen(password));
-			xfree(password);
-		}
-#endif /* HAVE_LIBPAM */
+			/* Clean up */
+			if (client_user != NULL)
+				xfree(client_user);
 
-		if (authenticated)
+			if (password != NULL) {
+				memset(password, 0, strlen(password));
+				xfree(password);
+			}
+			
 			return;
+		}
 
-		if (attempt > AUTH_FAIL_MAX)
+		if (attempt > AUTH_FAIL_MAX) {
+			/* Clean up */
+			if (client_user != NULL)
+				xfree(client_user);
+
+			if (password != NULL) {
+				memset(password, 0, strlen(password));
+				xfree(password);
+			}
+			
 			packet_disconnect(AUTH_FAIL_MSG, pw->pw_name);
+		}
+#endif /* HAVE_LIBPAM */
 
 		/* Send a message indicating that the authentication attempt failed. */
 		packet_start(SSH_SMSG_FAILURE);
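Review bot: The cleanup sequence (`xfree(client_user)`, then `memset(password, 0, strlen(password)); xfree(password);`) is now duplicated verbatim inside the HAVE_LIBPAM branch, once under `if (authenticated)` and once under `if (attempt > AUTH_FAIL_MAX)`, while the non-PAM branch never zeroes or frees `password` on either its `return` or its `packet_disconnect` path. Consider hoisting one copy of the cleanup out of the `#ifdef` so it runs after `do_pam_account_and_session` (where PAM is built in) but before the `if (authenticated) return;` and the disconnect check on both sides; that removes the duplication and guarantees the plaintext password buffer is wiped whatever the build configuration. Minor: the two added lines consisting only of `+\t\t\t` before `return;` and before `packet_disconnect(...)` are trailing whitespace and should be emptied.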


More information about the openssh-unix-dev mailing list