openssh unix dev - Feb 2003 - [Bug 492] New: Spurious error message from loginrec when attempting to login in with the highest uid for the first time.

http://bugzilla.mindrot.org/show_bug.cgi?id=492

           Summary: Spurious error message from loginrec when attempting to
                    login in with the highest uid for the first time.
           Product: Portable OpenSSH
           Version: 3.5p1
          Platform: ix86
        OS/Version: BSDI
            Status: NEW
          Severity: trivial
          Priority: P2
         Component: sshd
        AssignedTo: openssh-unix-dev at mindrot.org
        ReportedBy: anissen at securecomputing.com


In loginrec.c:lastlog_get_entry a lastlog_openseek is executed to open the
LASTLOG  and seek to the proper offset in the file.  When a user logs in for the
first time, if someone with a higher uid has not yet logged in, the lseek that
is performed will seek beyond the end of the file.  When an attempt is made to
read the file a EOF is returned.  Improper checking of the return value from
atomicio causes the following call to be made:

log("lastlog_get_entry: Error reading from %s: %s",LASTLOG_FILE,
strerror(errno));

This is incorrect as we are getting an EOF and errno will not be set with any
value of use.

To recreate the problem:

1) Add user to the box with a uid higher then the highest uid that has logged
into the box.
2) On the first login to the box with the new user, login through sshd.
3) In /var/log/messages see errors similar to:

Feb 11 14:02:37 flamingo sshd[22098]: lastlog_get_entry: Error reading from
/var/log/lastlog: Device not configured
Feb 11 14:08:14 flamingo sshd[22379]: lastlog_get_entry: Error reading from
/var/log/lastlog: Device not configured


I suggest the following change or similar be made to loginrec.c

anissen @ kings > diff -c ../openssh-3.5p1/loginrec.c loginrec.c
*** ../openssh-3.5p1/loginrec.c Wed Sep 25 19:38:49 2002
--- loginrec.c  Tue Feb 11 15:00:46 2003
***************
*** 1431,1437 ****
--- 1431,1448 ----
                /* find this uid's offset in the lastlog file */
                offset = (off_t) ((long)li->uid * sizeof(struct lastlog));
  
+               /*
+                * When opening lastlog for reading, seeking beyond the end of
+                * the file makes no sense.  Just tell the caller (currently
only
+                * lastlog_get_entry) that we could no perform the requested
action.
+                */
+               if ( filemode == O_RDONLY && (lseek(*fd, 0, SEEK_END)
>= offset)){
+                    close(*fd);
+                    return 0;
+               }
+ 
                if ( lseek(*fd, offset, SEEK_SET) != offset ) {
+                       close(*fd);
                        log("lastlog_openseek: %s->lseek(): %s",
                         lastlog_file, strerror(errno));
                        return 0;

Note that another fix could be to check the return value from atomicio and not
print out the error message if the value returned indicates EOF.

This fix has been compiled and tested on a BSDI box.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.