Date: Sun, 5 Nov 2000 18:38:51 +0900 (JST) From: sanewo@ba2.so-net.ne.jp To: FreeBSD-gnats-submit@freebsd.org Subject: bin/22614: pam_ssh dumps core Message-ID: <200011050938.eA59cpi17495@ba2.so-net.ne.jp>
next in thread | raw e-mail | index | archive | help
>Number: 22614
>Category: bin
>Synopsis: pam_ssh dumps core
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sun Nov 05 01:40:00 PST 2000
>Closed-Date:
>Last-Modified:
>Originator: Takanori Saneto
>Release: FreeBSD 4.2-BETA i386
>Organization:
an individual
>Environment:
FreeBSD muse.sanewo 4.2-BETA FreeBSD 4.2-BETA #3: Fri Nov 3 10:25:50 JST 2000 sanewo:/usr/obj/usr/src/sys/MUSE i386
>Description:
Whan pam_ssh.so is invoked (somehow) by xdm, it will dump core because of incorrect argument
passing in pam_sm_open_session for ssh_add_identity (as compiler warns as follows).
cc -O -pipe -Wall -I/usr/src/lib/libpam/modules/pam_ssh/../../../../crypto/openssh -c /usr/src/lib/libpam/modules/pam_ssh/../../../../crypto/openssh/pam_ssh/pam_ssh.c -o pam_ssh.o
/usr/src/lib/libpam/modules/pam_ssh/../../../../crypto/openssh/pam_ssh/pam_ssh.c: In function `pam_sm_open_session':
/usr/src/lib/libpam/modules/pam_ssh/../../../../crypto/openssh/pam_ssh/pam_ssh.c:446: warning: passing arg 2 of `ssh_add_identity' from incompatible pointer type
>How-To-Repeat:
After applying patch which I sent as another PR ("fix for xdm to cope with PAM") and
modifying /etc/pam.conf as follows:
xdm account required pam_unix.so try_first_pass
xdm auth requisite pam_cleartext_pass_ok.so
xdm auth sufficient pam_ssh.so try_first_pass
xdm auth required pam_unix.so
xdm password required pam_deny.so
xdm session optional pam_ssh.so
xdm session required pam_deny.so
logging in with xdm cause immediate core dump.
>Fix:
Following patch will fix the problem. (both -stable and -current)
Index: crypto/openssh/pam_ssh/pam_ssh.c
===================================================================
RCS file: /export/cvsup/cvs/src/crypto/openssh/pam_ssh/pam_ssh.c,v
retrieving revision 1.3.2.2
diff -u -r1.3.2.2 pam_ssh.c
--- crypto/openssh/pam_ssh/pam_ssh.c 2000/10/28 23:01:02 1.3.2.2
+++ crypto/openssh/pam_ssh/pam_ssh.c 2000/11/05 07:24:45
@@ -443,7 +443,7 @@
env_destroy(ssh_env);
return PAM_SESSION_ERR;
}
- retval = ssh_add_identity(ac, key.rsa, comment);
+ retval = ssh_add_identity(ac, &key, comment);
ssh_close_authentication_connection(ac);
env_swap(ssh_env, 0);
return retval ? PAM_SUCCESS : PAM_SESSION_ERR;
BTW, I found that ports/security/openssh/files/pam_ssh.c is already fixed this way.
>Release-Note:
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200011050938.eA59cpi17495>