utmpx bug in openssh-2.1.0p2 using Solaris 8

[Nils Ellmenreich]

Hi,

I've installed openssh-2.1.0p2 on a Solaris 8 host (SPARC). The sshd
corrupts utmpx/wtmpx when a client connects to this machine. Observable
error:

$ who
who: Error --- entry has ut_type of 28265
 when maximum is 9

It can be repeated and is attributable to the login done by sshd. Now,
Solaris has only utmpx/wtmpx and not the old utmp/wtmp. It get's worse
as more logins take place until utmpx is so corrupted that user login at
console is refused by the system.

A look at bsd-login.c revealed that, if USE_UTMPX is defined, in line
135 utmpx is being opened, but later on regardless of this define a
utmp structure is being written to it, thereby destroying utmpx's
consistency.

I don't have a bug fix, but a workaround (that won't work in general):

$  diff bsd-login.c bsd-login.c.orig
127d126
< #if 0
190c189
< #endif   /* 0 */
---
> 

A proper bugfix will probably mean to examine the code between lines 126
and 190 and check which data structure is actually being written to
which file. I'm not familiar with all the differences on various Unices
so I'm afraid I can't provide one.

Related to that, I wonder why bsd-login.c is actually writing
utmpx/wtmpx directly and not using updwtmpx all the time. It does so at
the very end of bsd-login.c anyhow, which is the reason why the lines
126-190 can be safely ignored in my case.

BTW, I've not subscribed to this list. In case you'd like to reply
please be so kind and CC directly to me. Thanks.

Cheers,
Nils
-- 
Nils Ellmenreich - Fak. fuer Math./Informatik - Please use gpg - Nils @
http://www.fmi.uni-passau.de/~nils  -  Univ. Passau   -   Uni-Passau.DE