From owner-freebsd-bugs Sun Nov 5 1:40: 5 2000 Delivered-To: freebsd-bugs@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 0EA0037B4CF for ; Sun, 5 Nov 2000 01:40:01 -0800 (PST) Received: (from gnats@localhost) by freefall.freebsd.org (8.9.3/8.9.2) id BAA52818; Sun, 5 Nov 2000 01:40:01 -0800 (PST) (envelope-from gnats@FreeBSD.org) Received: from mgate11.so-net.ne.jp (mgate11.so-net.ne.jp [210.139.254.158]) by hub.freebsd.org (Postfix) with ESMTP id 0B05637B4FE for ; Sun, 5 Nov 2000 01:39:25 -0800 (PST) Received: from mail.ba2.so-net.ne.jp (mail.ba2.so-net.ne.jp [210.139.254.21]) by mgate11.so-net.ne.jp (8.9.3/3.7W00101717) with ESMTP id SAA22404 for ; Sun, 5 Nov 2000 18:39:22 +0900 (JST) Received: from ba2.so-net.ne.jp (pee4aac.tokynt01.ap.so-net.ne.jp [202.238.74.172]) by mail.ba2.so-net.ne.jp (8.8.8/3.7W99081617) with ESMTP id SAA00287 for ; Sun, 5 Nov 2000 18:39:21 +0900 (JST) Received: (from sanewo@localhost) by ba2.so-net.ne.jp (8.11.1/8.11.1) id eA59cpi17495; Sun, 5 Nov 2000 18:38:51 +0900 (JST) (envelope-from sanewo) Message-Id: <200011050938.eA59cpi17495@ba2.so-net.ne.jp> Date: Sun, 5 Nov 2000 18:38:51 +0900 (JST) From: sanewo@ba2.so-net.ne.jp Reply-To: sanewo@ba2.so-net.ne.jp To: FreeBSD-gnats-submit@freebsd.org X-Send-Pr-Version: 3.2 Subject: bin/22614: pam_ssh dumps core Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >Number: 22614 >Category: bin >Synopsis: pam_ssh dumps core >Confidential: no >Severity: serious >Priority: high >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sun Nov 05 01:40:00 PST 2000 >Closed-Date: >Last-Modified: >Originator: Takanori Saneto >Release: FreeBSD 4.2-BETA i386 >Organization: an individual >Environment: FreeBSD muse.sanewo 4.2-BETA FreeBSD 4.2-BETA #3: Fri Nov 3 10:25:50 JST 2000 sanewo:/usr/obj/usr/src/sys/MUSE i386 >Description: Whan pam_ssh.so is invoked (somehow) by xdm, it will dump core because of incorrect argument passing in pam_sm_open_session for ssh_add_identity (as compiler warns as follows). cc -O -pipe -Wall -I/usr/src/lib/libpam/modules/pam_ssh/../../../../crypto/openssh -c /usr/src/lib/libpam/modules/pam_ssh/../../../../crypto/openssh/pam_ssh/pam_ssh.c -o pam_ssh.o /usr/src/lib/libpam/modules/pam_ssh/../../../../crypto/openssh/pam_ssh/pam_ssh.c: In function `pam_sm_open_session': /usr/src/lib/libpam/modules/pam_ssh/../../../../crypto/openssh/pam_ssh/pam_ssh.c:446: warning: passing arg 2 of `ssh_add_identity' from incompatible pointer type >How-To-Repeat: After applying patch which I sent as another PR ("fix for xdm to cope with PAM") and modifying /etc/pam.conf as follows: xdm account required pam_unix.so try_first_pass xdm auth requisite pam_cleartext_pass_ok.so xdm auth sufficient pam_ssh.so try_first_pass xdm auth required pam_unix.so xdm password required pam_deny.so xdm session optional pam_ssh.so xdm session required pam_deny.so logging in with xdm cause immediate core dump. >Fix: Following patch will fix the problem. (both -stable and -current) Index: crypto/openssh/pam_ssh/pam_ssh.c =================================================================== RCS file: /export/cvsup/cvs/src/crypto/openssh/pam_ssh/pam_ssh.c,v retrieving revision 1.3.2.2 diff -u -r1.3.2.2 pam_ssh.c --- crypto/openssh/pam_ssh/pam_ssh.c 2000/10/28 23:01:02 1.3.2.2 +++ crypto/openssh/pam_ssh/pam_ssh.c 2000/11/05 07:24:45 @@ -443,7 +443,7 @@ env_destroy(ssh_env); return PAM_SESSION_ERR; } - retval = ssh_add_identity(ac, key.rsa, comment); + retval = ssh_add_identity(ac, &key, comment); ssh_close_authentication_connection(ac); env_swap(ssh_env, 0); return retval ? PAM_SUCCESS : PAM_SESSION_ERR; BTW, I found that ports/security/openssh/files/pam_ssh.c is already fixed this way. >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message