OSF_SIA bug in 2.3.0p1
Damien Miller
djm at mindrot.org
Mon Feb 12 16:46:13 EST 2001
On Mon, 12 Feb 2001, Mike Battersby wrote:
>
> Is anyone maintaining the OSF_SIA support in openssh? This seems to be an
> obvious bug triggered if you try to connect as a non-existant user.
>
> >From auth1.c line 459
>
> #elif defined(HAVE_OSF_SIA)
> (sia_validate_user(NULL, saved_argc, saved_argv,
> get_canonical_hostname(), pw->pw_name, NULL, 0,
> NULL, "") == SIASUCCESS)) {
> #else /* !HAVE_OSF_SIA && !USE_PAM */
>
> At this stage pw could be NULL so obviously pw->pw_name isn't a valid
> thing to do. Should this just be 'user'? I'm not even 100% sure of the
> validity of passing NULL as collect function (acceptable in 4.0g manpage,
> not mentioned in 4.0d manpage).
Not having a DEC box, I can't comment on the usage of the sia_ functions,
but this may make the above more correct.
Index: auth1.c
===================================================================
RCS file: /var/cvs/openssh/auth1.c,v
retrieving revision 1.29
diff -u -r1.29 auth1.c
--- auth1.c 2001/02/10 21:27:11 1.29
+++ auth1.c 2001/02/12 05:44:44
@@ -267,9 +267,9 @@
/* Do SIA auth with password */
if (sia_validate_user(NULL, saved_argc, saved_argv,
get_canonical_hostname(options.reverse_mapping_check),
- pw->pw_name, NULL, 0, NULL, password) == SIASUCCESS) {
+ authctxt->user, NULL, 0, NULL,
+ password) == SIASUCCESS)
authenticated = 1;
- }
#else /* !USE_PAM && !HAVE_OSF_SIA */
/* Try authentication with the password. */
authenticated = auth_password(pw, password);
-d
--
| Damien Miller <djm at mindrot.org> \ ``E-mail attachments are the poor man's
| http://www.mindrot.org / distributed filesystem'' - Dan Geer
More information about the openssh-unix-dev
mailing list