Bug report: OpenSSH 3.1p1
Royce Howland
rhowland at nucleum.com
Thu May 9 15:54:09 EST 2002
I believe auth-rhosts.c, function check_rhosts_file(), contains a bug
that shows up when doing host-based authentication where the
client_user name is not the same as the server_user name.
Line 76 reads:
strlcpy(userbuf, server_user, sizeof(userbuf));
I believe it should read:
strlcpy(userbuf, client_user, sizeof(userbuf));
Otherwise later in the function this test will fail:
/* Verify that user name matches. */
if (user[0] == '@') {
if (!innetgr(user + 1, NULL, client_user, NULL))
continue;
} else if (strcmp(user, client_user) != 0)
continue; /* Different username. */
Please reply directly if necessary; I'm not subscribed to this list.
Royce Howland
More information about the openssh-unix-dev
mailing list