From owner-freebsd-bugs  Sun Mar 11 22:10:10 2001
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id E0EA937B71A
	for <freebsd-bugs@hub.freebsd.org>; Sun, 11 Mar 2001 22:10:01 -0800 (PST)
	(envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.11.1/8.11.1) id f2C6A1w40661;
	Sun, 11 Mar 2001 22:10:01 -0800 (PST)
	(envelope-from gnats)
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id 88DC037B718
	for <freebsd-gnats-submit@FreeBSD.org>; Sun, 11 Mar 2001 22:07:26 -0800 (PST)
	(envelope-from nobody@FreeBSD.org)
Received: (from nobody@localhost)
	by freefall.freebsd.org (8.11.1/8.11.1) id f2C67Qf40264;
	Sun, 11 Mar 2001 22:07:26 -0800 (PST)
	(envelope-from nobody)
Message-Id: <200103120607.f2C67Qf40264@freefall.freebsd.org>
Date: Sun, 11 Mar 2001 22:07:26 -0800 (PST)
From: seraf@2600.com
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-1.0
Subject: bin/25722: OpenSSH on 4.2 dumps core from illegal user
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


>Number:         25722
>Category:       bin
>Synopsis:       OpenSSH on 4.2 dumps core from illegal user
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Mar 11 22:10:01 PST 2001
>Closed-Date:
>Last-Modified:
>Originator:     Dominick LaTrappe
>Release:        4.2-20010212-STABLE
>Organization:
>Environment:
FreeBSD pocks.tdl-m.sambuca 4.2-20010212-STABLE FreeBSD 4.2-20010212-STABLE #4: Wed Feb 13 08:09:25 UTC 2001     sysbuild@protopocks.tdl.dev.sambuca :/usr/src/sys/compile/POCKS_M  i386
>Description:
sshd in SSH-2 mode dumps core to the tune of signal 11 when an illegal username is attempted by the client. This has been tested with OpenSSH and lsh clients. The last log message entered is "input_userauth_request: illegal user [username]".
>How-To-Repeat:
ssh -2 aleistercrowley666@localhost
>Fix:
Dirty patch with strange coincidence of dates:

--- src/crypto/openssh/auth2.c.orig     Fri Jan 12 04:25:55 2001
+++ src/crypto/openssh/auth2.c  Mon Mar 12 05:23:10 2001
@@ -215,6 +215,9 @@
 #endif
                } else {
                        log("input_userauth_request: illegal user %s", user);
+                       log("Failed pwuser for %.200s from %.200s port %d ssh2",
+                           user, get_remote_ipaddr(), get_remote_port());
+                       packet_disconnect("Login unknown.");
                }
                authctxt->user = xstrdup(user);
                authctxt->service = xstrdup(service);

>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message