thr3ads.net - openssh bugs - [Bug 902] get_remote_port() can kill sshd in auth

If this information is useful, please help other people find it:
Share via:

bugzilla-daemon at mindrot.org

2004-Jul-20 23:09 UTC

[Bug 902] get_remote_port() can kill sshd in auth_log()

http://bugzilla.mindrot.org/show_bug.cgi?id=902

           Summary: get_remote_port() can kill sshd in auth_log()
           Product: Portable OpenSSH
           Version: 3.8.1p1
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: sshd
        AssignedTo: openssh-bugs at mindrot.org
        ReportedBy: peak at argo.troja.mff.cuni.cz


The daemon calls get_remote_port() in auth_log(). If the client closes the
connection between the authentication failure and the invocation of auth_log()
(e.g. during PAM-enforced post-failure delay) then getpeername() fails (the
socket is not connected any longer), get_sock_port() kills the daemon (almost
silently only a debugging message!), and auth_log() is never finished.

One possible fix is to make get_remote_port() cache information in the same way
it is cached by get_remote_ipaddr().



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

bugzilla-daemon at mindrot.org

2004-Jul-20 23:10 UTC

head link

[Bug 902] get_remote_port() can kill sshd in auth_log()

http://bugzilla.mindrot.org/show_bug.cgi?id=902





------- Additional Comments From peak at argo.troja.mff.cuni.cz  2004-07-21
09:10 -------
Created an attachment (id=693)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=693&action=view)
proposed fix




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

bugzilla-daemon at mindrot.org

2004-Jul-21 11:54 UTC

head link

[Bug 902] get_remote_port() can kill sshd in auth_log()

http://bugzilla.mindrot.org/show_bug.cgi?id=902

djm at mindrot.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED



------- Additional Comments From djm at mindrot.org  2004-07-21 21:54 -------
Patch applied - thanks!



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

openssh bugs - Jul 2004 - [Bug 902] get_remote_port() can kill sshd in auth_log()

[Bug 902] get_remote_port() can kill sshd in auth_log()

[Bug 902] get_remote_port() can kill sshd in auth_log()

[Bug 902] get_remote_port() can kill sshd in auth_log()