I believe auth-rhosts.c, function check_rhosts_file(), contains a bug
that shows up when doing host-based authentication where the
client_user name is not the same as the server_user name.
Line 76 reads:
strlcpy(userbuf, server_user, sizeof(userbuf));
I believe it should read:
strlcpy(userbuf, client_user, sizeof(userbuf));
Otherwise later in the function this test will fail:
/* Verify that user name matches. */
if (user[0] == '@') {
if (!innetgr(user + 1, NULL, client_user, NULL))
continue;
} else if (strcmp(user, client_user) != 0)
continue; /* Different username. */
Please reply directly if necessary; I'm not subscribed to this list.
Royce Howland
this is how .rhosts is supposed to work. On Wed, May 08, 2002 at 11:54:09PM -0600, Royce Howland wrote:> I believe auth-rhosts.c, function check_rhosts_file(), contains a bug > that shows up when doing host-based authentication where the > client_user name is not the same as the server_user name. > > Line 76 reads: > strlcpy(userbuf, server_user, sizeof(userbuf)); > > I believe it should read: > strlcpy(userbuf, client_user, sizeof(userbuf)); > > Otherwise later in the function this test will fail: > /* Verify that user name matches. */ > if (user[0] == '@') { > if (!innetgr(user + 1, NULL, client_user, NULL)) > continue; > } else if (strcmp(user, client_user) != 0) > continue; /* Different username. */ > > Please reply directly if necessary; I'm not subscribed to this list. > > Royce Howland > _______________________________________________ > openssh-unix-dev at mindrot.org mailing list > http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
Possibly Parallel Threads
- Rhosts-RSA authentication broken
- ssh_rsa_verify: RSA_verify failed: error:
- OpenSSH 3.4p1 hostbased auth - howto?
- [Bug 356] New: 3.4p1 hostbased authentication between Linux and Solaris
- [Bug 2541] New: Add explicit_bzero() before free() in OpenSSH-7.1p2 for auth1.c/auth2.c/auth2-hostbased.c