Bug report: OpenSSH 3.1p1

Royce Howland rhowland at nucleum.com
Thu May 9 15:54:09 EST 2002

I believe auth-rhosts.c, function check_rhosts_file(), contains a bug
that shows up when doing host-based authentication where the
client_user name is not the same as the server_user name.

Line 76 reads:
strlcpy(userbuf, server_user, sizeof(userbuf));

I believe it should read:
strlcpy(userbuf, client_user, sizeof(userbuf));

Otherwise later in the function this test will fail:
/* Verify that user name matches. */
if (user[0] == '@') {
    if (!innetgr(user + 1, NULL, client_user, NULL))
} else if (strcmp(user, client_user) != 0)
    continue;   /* Different username. */

Please reply directly if necessary; I'm not subscribed to this list.

Royce Howland

More information about the openssh-unix-dev mailing list