From owner-cvs-all Sun Jun 11 1:17:53 2000 Delivered-To: cvs-all@freebsd.org Received: from david.siemens.de (david.siemens.de [192.35.17.14]) by hub.freebsd.org (Postfix) with ESMTP id 3F80D37B752; Sun, 11 Jun 2000 01:17:43 -0700 (PDT) (envelope-from ust@cert.siemens.de) X-Envelope-Sender-Is: ust@cert.siemens.de (at relayer david.siemens.de) Received: from mail2.siemens.de (mail2.siemens.de [139.25.208.11]) by david.siemens.de (8.10.1/8.10.1) with ESMTP id e5B8HfR20858; Sun, 11 Jun 2000 10:17:42 +0200 (MET DST) Received: from mars.cert.siemens.de (ust.mchp.siemens.de [139.23.201.17]) by mail2.siemens.de (8.10.1/8.10.1) with ESMTP id e5B8HfI29162; Sun, 11 Jun 2000 10:17:41 +0200 (MET DST) Received: from alaska.cert.siemens.de (reims.mchp.siemens.de [139.23.202.134]) by mars.cert.siemens.de (8.10.2/8.10.2/Siemens CERT [ $Revision: 1.8 ]) with ESMTP id e5B8Hfm18990; Sun, 11 Jun 2000 10:17:41 +0200 (CEST) Received: (from ust@localhost) by alaska.cert.siemens.de (8.10.2/8.10.2/alaska [ $Revision: 1.4 ]) id e5B8Hf423313; Sun, 11 Jun 2000 08:17:41 GMT Date: Sun, 11 Jun 2000 10:17:41 +0200 From: Udo Schweigert To: Kris Kennaway Cc: cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG Subject: Re: cvs commit: src/crypto/openssh session.c Message-ID: <20000611101741.A23252@alaska.cert.siemens.de> Mail-Followup-To: Kris Kennaway , cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG References: <200006102238.AAA09849@internat.freebsd.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2i In-Reply-To: <200006102238.AAA09849@internat.freebsd.org>; from kris@FreeBSD.ORG on Sun, Jun 11, 2000 at 12:38:13AM +0200 X-Operating-System: FreeBSD 4.0-STABLE Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Sun, Jun 11, 2000 at 00:38:13 +0200, Kris Kennaway wrote: > kris 2000/06/11 00:38:13 SAST > > FreeBSD International Crypto Repository > > Modified files: (Branch: RELENG_4) > crypto/openssh session.c > Log: > MFC: Security botch > > Revision Changes Path > 1.4.2.2 +5 -1 src/crypto/openssh/session.c > This broke sshd. A patch like the one attached fixed it for me. Regards -- Udo Schweigert, Siemens AG | Voice : +49 89 636 42170 ZT IK 3, Siemens CERT | Fax : +49 89 636 41166 D-81730 Muenchen / Germany | email : ust@cert.siemens.de PGP-2/5 fingerprint | D8 A5 DF 34 EC 87 E8 C6 E2 26 C4 D0 EE 80 36 B2 --- session.c.orig Sun Jun 11 09:14:28 2000 +++ session.c Sun Jun 11 10:11:47 2000 @@ -858,13 +858,15 @@ struct stat st; char *argv[10]; +#ifdef LOGIN_CAP + login_cap_t *lc; +#endif /* LOGIN_CAP */ + /* login(1) is only called if we execute the login shell */ if (options.use_login && command != NULL) options.use_login = 0; #ifdef LOGIN_CAP - login_cap_t *lc; - lc = login_getpwclass(pw); if (lc == NULL) lc = login_getclassbyname(NULL, pw); To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message