Bug report: OpenSSH 3.1p1

Markus Friedl markus at openbsd.org
Mon May 13 01:11:29 EST 2002


this is how .rhosts is supposed to work.

On Wed, May 08, 2002 at 11:54:09PM -0600, Royce Howland wrote:
> I believe auth-rhosts.c, function check_rhosts_file(), contains a bug
> that shows up when doing host-based authentication where the
> client_user name is not the same as the server_user name.
> 
> Line 76 reads:
> strlcpy(userbuf, server_user, sizeof(userbuf));
> 
> I believe it should read:
> strlcpy(userbuf, client_user, sizeof(userbuf));
> 
> Otherwise later in the function this test will fail:
> /* Verify that user name matches. */
> if (user[0] == '@') {
>     if (!innetgr(user + 1, NULL, client_user, NULL))
>         continue;
> } else if (strcmp(user, client_user) != 0)
>     continue;   /* Different username. */
> 
> Please reply directly if necessary; I'm not subscribed to this list.
> 
> Royce Howland
> _______________________________________________
> openssh-unix-dev at mindrot.org mailing list
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev



More information about the openssh-unix-dev mailing list