2.9p1?? core dump in auth_log

Carson Gaspar carson at taltos.org
Thu May 3 05:20:49 EST 2001


auth.c:auth_log contains the following code:

        authlog("%s %s for %s%.100s from %.200s port %d%s",
            authmsg,
            method,
            authctxt->valid ? "" : "illegal user ",
--->        authctxt->valid && authctxt->pw->pw_uid == 0 ? "ROOT" : authctxt->user,
            get_remote_ipaddr(),
            get_remote_port(),
            info);

If authctxt->user is null, this will dump core. I discovered this using 
SSH1 publickey auth with my hacked 20010424 CVS sources. auth.c and auth1.c 
haven't changed since then, so I suspect this may still be lurking. I'm 
going to test it against 2.9p1 as soon as I can, but I have to run off to 
jury duty now (feh).

A local patch is to change the marked line above to:

authctxt->valid ? (authctxt->pw->pw_uid == 0 ? "ROOT" : authctxt->user) : "unknown user",

A larger issue is why getpwnam() hasn't been called by that point...

-- 
Carson Gaspar - carson at taltos.org
Queen trapped in a butch body
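The following is an added, self-contained C illustration of the point made in the post above; it is not code from OpenSSH or from the poster. It models only the three Authctxt fields that the auth_log format string reads (a constructed struct named `authctxt`, with `pw_uid` standing in for `authctxt->pw->pw_uid`), and places the original expression and the patched one side by side. The original line parses as `(valid && uid == 0) ? "ROOT" : user`, so an invalid context hands whatever `user` holds, NULL included, to a `%.100s` conversion; the patched form only consults uid and user once the context is valid, so the log call never sees a NULL pointer. `format_auth_log` is a hypothetical stand-in for the `authlog()` call, built on `snprintf`.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Constructed stand-in for the Authctxt fields that auth_log reads
 * (not the real sshd structure). */
struct authctxt {
    int valid;          /* non-zero once the user has been looked up */
    uid_t pw_uid;       /* stands in for authctxt->pw->pw_uid */
    const char *user;   /* may still be NULL for some auth paths */
};

/* The selection exactly as the original (marked) line parses:
 * (valid && uid == 0) ? "ROOT" : user.
 * With valid == 0 the result is whatever `user` holds, NULL included,
 * and that pointer goes straight into a %s conversion. */
const char *user_field_original(const struct authctxt *a)
{
    return a->valid && a->pw_uid == 0 ? "ROOT" : a->user;
}

/* The patched selection from the post: uid and user are only consulted
 * when the context is valid; otherwise a fixed string is logged, so the
 * format call can never receive a NULL pointer for this field. */
const char *user_field_fixed(const struct authctxt *a)
{
    return a->valid ? (a->pw_uid == 0 ? "ROOT" : a->user) : "unknown user";
}

/* Hypothetical replacement for the authlog() call, using the patched
 * selection. Returns the snprintf result (characters that would have been
 * written, or a negative value on error). */
int format_auth_log(char *buf, size_t len, const char *authmsg,
                    const char *method, const struct authctxt *a,
                    const char *ip, int port, const char *info)
{
    return snprintf(buf, len, "%s %s for %s%.100s from %.200s port %d%s",
                    authmsg, method,
                    a->valid ? "" : "illegal user ",
                    user_field_fixed(a),
                    ip, port, info);
}

int main(void)
{
    /* Constructed sample contexts: an unresolved user, root, and a normal user. */
    struct authctxt unknown = { 0, 0, NULL };
    struct authctxt root    = { 1, 0, "root" };
    struct authctxt bob     = { 1, 1000, "bob" };
    char buf[512];

    /* The original expression yields NULL for the unresolved context. */
    printf("original selection is %s\n",
           user_field_original(&unknown) == NULL ? "NULL" : "non-NULL");

    format_auth_log(buf, sizeof buf, "Failed", "publickey", &unknown,
                    "192.0.2.10", 4242, "");
    puts(buf);
    format_auth_log(buf, sizeof buf, "Accepted", "publickey", &root,
                    "192.0.2.10", 4242, "");
    puts(buf);
    format_auth_log(buf, sizeof buf, "Accepted", "publickey", &bob,
                    "192.0.2.10", 4242, "");
    puts(buf);
    return 0;
}
```

One property of the patched form worth keeping in mind when reading logs: for an invalid context it prints the literal "illegal user unknown user", so the name the client attempted is no longer recorded in that line.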
