From owner-freebsd-bugs  Thu Jul 11 10: 0:41 2002
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 5CFEE37B401
	for <freebsd-bugs@hub.freebsd.org>; Thu, 11 Jul 2002 10:00:34 -0700 (PDT)
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by mx1.FreeBSD.org (Postfix) with ESMTP id D05E743E09
	for <freebsd-bugs@hub.freebsd.org>; Thu, 11 Jul 2002 10:00:33 -0700 (PDT)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.12.4/8.12.4) with ESMTP id g6BH0XJU057097
	for <freebsd-bugs@freefall.freebsd.org>; Thu, 11 Jul 2002 10:00:33 -0700 (PDT)
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.12.4/8.12.4/Submit) id g6BH0Xrb057094;
	Thu, 11 Jul 2002 10:00:33 -0700 (PDT)
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id DD18437B400
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 11 Jul 2002 09:59:40 -0700 (PDT)
Received: from www.freebsd.org (www.FreeBSD.org [216.136.204.117])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 8626A43E42
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 11 Jul 2002 09:59:40 -0700 (PDT)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.12.4/8.12.4) with ESMTP id g6BGxeOT047406
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 11 Jul 2002 09:59:40 -0700 (PDT)
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.12.4/8.12.4/Submit) id g6BGxeJK047405;
	Thu, 11 Jul 2002 09:59:40 -0700 (PDT)
Message-Id: <200207111659.g6BGxeJK047405@www.freebsd.org>
Date: Thu, 11 Jul 2002 09:59:40 -0700 (PDT)
From: OISHI Masakuni <yamasa@ec.catv.ne.jp>
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-1.0
Subject: bin/40463: pam_ssh is broken - dumps core
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-bugs.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-bugs>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-bugs>
X-Loop: FreeBSD.org


>Number:         40463
>Category:       bin
>Synopsis:       pam_ssh is broken - dumps core
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jul 11 10:00:33 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator:     OISHI Masakuni
>Release:        FreeBSD 4.6-STABLE
>Organization:
>Environment:
>Description:
      After pam_ssh was updated on July 3, it dumps core with the following messages.

Jul  8 00:01:18 genesis /kernel: pid 147 (xdm), uid 0: exited on signal 10 (core dumped)

>How-To-Repeat:
      Try to login with the following pam.conf.

/etc/pam.conf:
xdm     auth    required        pam_unix.so
xdm     auth    optional        pam_ssh.so      use_first_pass
xdm     account required        pam_unix.so
xdm     session optional        pam_ssh.so
xdm     session required        pam_permit.so
xdm     password required       pam_deny.so
>Fix:
      Apply this patch against src/lib/libpam/modules/pam_ssh/pam_ssh.c.

--- pam_ssh.c.orig      Thu Jul 11 01:18:34 2002
+++ pam_ssh.c   Thu Jul 11 01:37:00 2002
@@ -263,7 +263,8 @@
        int authenticated;              /* user authenticated? */
        char *dotdir;                   /* .ssh dir name */
        char *file;                     /* current key file */
-       char *keyfiles;                 /* list of key files to add */
+       char *kfspec;                   /* list of key files to add */
+       char *keyfiles;
        const char *pass;               /* passphrase */
        const struct passwd *pwent;     /* user's passwd entry */
        struct passwd *pwent_keep;      /* our own copy */
@@ -272,8 +273,8 @@
 
        pam_std_option(&options, other_options, argc, argv);
 
-       if (!pam_test_option(&options, PAM_OPT_KEYFILES, &keyfiles)) {
-               keyfiles = DEF_KEYFILES;
+       if (!pam_test_option(&options, PAM_OPT_KEYFILES, &kfspec)) {
+               kfspec = DEF_KEYFILES;
        }
 
        if ((retval = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS)
@@ -299,11 +300,13 @@
                return (PAM_SERVICE_ERR);
        }
        authenticated = 0;
+       keyfiles = strdup(kfspec);
        for (file = strtok(keyfiles, SEP_KEYFILES); file;
             file = strtok(NULL, SEP_KEYFILES))
                if (auth_via_key(pamh, file, dotdir, pwent, pass, &options) ==
                    PAM_SUCCESS)
                        authenticated++;
+       free(keyfiles);
        free(dotdir);
        if (!authenticated)
                return (PAM_AUTH_ERR);

>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message