Kerberos / PAM bug in OpenSSH CVS
Damien Miller
djm at mindrot.org
Tue Nov 13 11:20:41 EST 2001
On Tue, 13 Nov 2001, Simon Wilkinson wrote:
> In do_authloop() in auth1.c(), the Kerberos 4 and 5 code both allocate, then
> xfree() the client_user string. The call to do_pam_account() later in the
> function then tries to use this string, resulting in a corrupt remote user.
>
> Finally, before exiting, the function frees client_user again, resulting in a
> double free and much mess.
>
> Patch attached.
Applied - thanks!
Could you resend your krb5 patch to the list?
Thanks,
Damien Miller
--
| By convention there is color, \\ Damien Miller <djm at mindrot.org>
| By convention sweetness, By convention bitterness, \\ www.mindrot.org
| But in reality there are atoms and space - Democritus (c. 400 BCE)
More information about the openssh-unix-dev
mailing list