Date: Sun, 5 Nov 2000 18:38:51 +0900 (JST) From: sanewo@ba2.so-net.ne.jp To: FreeBSD-gnats-submit@freebsd.org Subject: bin/22614: pam_ssh dumps core Message-ID: <200011050938.eA59cpi17495@ba2.so-net.ne.jp>
next in thread | raw e-mail | index | archive | help
>Number: 22614 >Category: bin >Synopsis: pam_ssh dumps core >Confidential: no >Severity: serious >Priority: high >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sun Nov 05 01:40:00 PST 2000 >Closed-Date: >Last-Modified: >Originator: Takanori Saneto >Release: FreeBSD 4.2-BETA i386 >Organization: an individual >Environment: FreeBSD muse.sanewo 4.2-BETA FreeBSD 4.2-BETA #3: Fri Nov 3 10:25:50 JST 2000 sanewo:/usr/obj/usr/src/sys/MUSE i386 >Description: Whan pam_ssh.so is invoked (somehow) by xdm, it will dump core because of incorrect argument passing in pam_sm_open_session for ssh_add_identity (as compiler warns as follows). cc -O -pipe -Wall -I/usr/src/lib/libpam/modules/pam_ssh/../../../../crypto/openssh -c /usr/src/lib/libpam/modules/pam_ssh/../../../../crypto/openssh/pam_ssh/pam_ssh.c -o pam_ssh.o /usr/src/lib/libpam/modules/pam_ssh/../../../../crypto/openssh/pam_ssh/pam_ssh.c: In function `pam_sm_open_session': /usr/src/lib/libpam/modules/pam_ssh/../../../../crypto/openssh/pam_ssh/pam_ssh.c:446: warning: passing arg 2 of `ssh_add_identity' from incompatible pointer type >How-To-Repeat: After applying patch which I sent as another PR ("fix for xdm to cope with PAM") and modifying /etc/pam.conf as follows: xdm account required pam_unix.so try_first_pass xdm auth requisite pam_cleartext_pass_ok.so xdm auth sufficient pam_ssh.so try_first_pass xdm auth required pam_unix.so xdm password required pam_deny.so xdm session optional pam_ssh.so xdm session required pam_deny.so logging in with xdm cause immediate core dump. >Fix: Following patch will fix the problem. (both -stable and -current) Index: crypto/openssh/pam_ssh/pam_ssh.c =================================================================== RCS file: /export/cvsup/cvs/src/crypto/openssh/pam_ssh/pam_ssh.c,v retrieving revision 1.3.2.2 diff -u -r1.3.2.2 pam_ssh.c --- crypto/openssh/pam_ssh/pam_ssh.c 2000/10/28 23:01:02 1.3.2.2 +++ crypto/openssh/pam_ssh/pam_ssh.c 2000/11/05 07:24:45 @@ -443,7 +443,7 @@ env_destroy(ssh_env); return PAM_SESSION_ERR; } - retval = ssh_add_identity(ac, key.rsa, comment); + retval = ssh_add_identity(ac, &key, comment); ssh_close_authentication_connection(ac); env_swap(ssh_env, 0); return retval ? PAM_SUCCESS : PAM_SESSION_ERR; BTW, I found that ports/security/openssh/files/pam_ssh.c is already fixed this way. >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200011050938.eA59cpi17495>