[Bug 1322] pam_end() is not called if authentication fails, which breaks pam-abl
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Thu Jul 12 01:17:45 EST 2007
http://bugzilla.mindrot.org/show_bug.cgi?id=1322
Sandro Wefel <sandro.wefel at informatik.uni-halle.de> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |sandro.wefel at informatik.uni-
| |halle.de
--- Comment #7 from Sandro Wefel <sandro.wefel at informatik.uni-halle.de> 2007-07-12 01:17:41 ---
Please have a look at the attached patch (id=1325).
The idea is to call sshpam_cleanup() if authctxt->authenticated is not
set before the KRB5 and GSSAPI blocks. After the pam-call we just
return from the function do_cleanup(). This means that
krb5_cleanup_proc(authctxt) is not called with an invalid parameter but
the sshpam_cleanup() is done which leads to the pam_end call.
IMHO this should avoid the signal handler race condition CVE-2006-5051
in krb5_cleanup_proc but calls pam_end() if the user authentication
fails.
--
Configure bugmail: http://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
More information about the openssh-bugs
mailing list