diff options
| author | Damien Miller <djm@mindrot.org> | 2001-12-29 14:08:28 +1100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2001-12-29 14:08:28 +1100 |
| commit | 0dea79d6b6ea4699fa4dfd19b07adbff1d736d70 (patch) | |
| tree | bcbaf8b74598f0b3752334f71aa194c48128d3b5 | |
| parent | 6cb127fc14a32667571f843a8de5d8cf0cf10e29 (diff) | |
- (djm) Apply Cygwin pointer deref fix from Corinna Vinschen
<vinschen@redhat.com> Could be abused to guess valid usernames
| -rw-r--r-- | ChangeLog | 6 | ||||
| -rw-r--r-- | auth1.c | 4 | ||||
| -rw-r--r-- | auth2.c | 8 | ||||
| -rw-r--r-- | openbsd-compat/bsd-cygwin_util.c | 8 | ||||
| -rw-r--r-- | openbsd-compat/bsd-cygwin_util.h | 4 |
5 files changed, 18 insertions, 12 deletions
| @@ -1,3 +1,7 @@ | |||
| 1 | 20011229 | ||
| 2 | - (djm) Apply Cygwin pointer deref fix from Corinna Vinschen | ||
| 3 | <vinschen@redhat.com> Could be abused to guess valid usernames | ||
| 4 | |||
| 1 | 20011228 | 5 | 20011228 |
| 2 | - (djm) Remove recommendation to use GNU make, we should support most | 6 | - (djm) Remove recommendation to use GNU make, we should support most |
| 3 | make programs. | 7 | make programs. |
| @@ -7108,4 +7112,4 @@ | |||
| 7108 | - Wrote replacements for strlcpy and mkdtemp | 7112 | - Wrote replacements for strlcpy and mkdtemp |
| 7109 | - Released 1.0pre1 | 7113 | - Released 1.0pre1 |
| 7110 | 7114 | ||
| 7111 | $Id: ChangeLog,v 1.1709 2001/12/27 22:57:33 djm Exp $ | 7115 | $Id: ChangeLog,v 1.1710 2001/12/29 03:08:28 djm Exp $ |
| @@ -313,9 +313,9 @@ do_authloop(Authctxt *authctxt) | |||
| 313 | 313 | ||
| 314 | #ifdef HAVE_CYGWIN | 314 | #ifdef HAVE_CYGWIN |
| 315 | if (authenticated && | 315 | if (authenticated && |
| 316 | !check_nt_auth(type == SSH_CMSG_AUTH_PASSWORD,pw->pw_uid)) { | 316 | !check_nt_auth(type == SSH_CMSG_AUTH_PASSWORD, pw)) { |
| 317 | packet_disconnect("Authentication rejected for uid %d.", | 317 | packet_disconnect("Authentication rejected for uid %d.", |
| 318 | (int)pw->pw_uid); | 318 | pw == NULL ? -1 : pw->pw_uid); |
| 319 | authenticated = 0; | 319 | authenticated = 0; |
| 320 | } | 320 | } |
| 321 | #else | 321 | #else |
| @@ -335,7 +335,7 @@ userauth_none(Authctxt *authctxt) | |||
| 335 | return(0); | 335 | return(0); |
| 336 | 336 | ||
| 337 | #ifdef HAVE_CYGWIN | 337 | #ifdef HAVE_CYGWIN |
| 338 | if (check_nt_auth(1, authctxt->pw->pw_uid) == 0) | 338 | if (check_nt_auth(1, authctxt->pw) == 0) |
| 339 | return(0); | 339 | return(0); |
| 340 | #endif | 340 | #endif |
| 341 | #ifdef USE_PAM | 341 | #ifdef USE_PAM |
| @@ -361,7 +361,7 @@ userauth_passwd(Authctxt *authctxt) | |||
| 361 | packet_done(); | 361 | packet_done(); |
| 362 | if (authctxt->valid && | 362 | if (authctxt->valid && |
| 363 | #ifdef HAVE_CYGWIN | 363 | #ifdef HAVE_CYGWIN |
| 364 | check_nt_auth(1, authctxt->pw->pw_uid) && | 364 | check_nt_auth(1, authctxt->pw) && |
| 365 | #endif | 365 | #endif |
| 366 | #ifdef USE_PAM | 366 | #ifdef USE_PAM |
| 367 | auth_pam_password(authctxt->pw, password) == 1) | 367 | auth_pam_password(authctxt->pw, password) == 1) |
| @@ -398,7 +398,7 @@ userauth_kbdint(Authctxt *authctxt) | |||
| 398 | xfree(devs); | 398 | xfree(devs); |
| 399 | xfree(lang); | 399 | xfree(lang); |
| 400 | #ifdef HAVE_CYGWIN | 400 | #ifdef HAVE_CYGWIN |
| 401 | if (check_nt_auth(0, authctxt->pw->pw_uid) == 0) | 401 | if (check_nt_auth(0, authctxt->pw) == 0) |
| 402 | return(0); | 402 | return(0); |
| 403 | #endif | 403 | #endif |
| 404 | return authenticated; | 404 | return authenticated; |
| @@ -504,7 +504,7 @@ userauth_pubkey(Authctxt *authctxt) | |||
| 504 | xfree(pkalg); | 504 | xfree(pkalg); |
| 505 | xfree(pkblob); | 505 | xfree(pkblob); |
| 506 | #ifdef HAVE_CYGWIN | 506 | #ifdef HAVE_CYGWIN |
| 507 | if (check_nt_auth(0, authctxt->pw->pw_uid) == 0) | 507 | if (check_nt_auth(0, authctxt->pw) == 0) |
| 508 | return(0); | 508 | return(0); |
| 509 | #endif | 509 | #endif |
| 510 | return authenticated; | 510 | return authenticated; |
diff --git a/openbsd-compat/bsd-cygwin_util.c b/openbsd-compat/bsd-cygwin_util.c index 6d6aafa4f..b12725773 100644 --- a/openbsd-compat/bsd-cygwin_util.c +++ b/openbsd-compat/bsd-cygwin_util.c | |||
| @@ -15,7 +15,7 @@ | |||
| 15 | 15 | ||
| 16 | #include "includes.h" | 16 | #include "includes.h" |
| 17 | 17 | ||
| 18 | RCSID("$Id: bsd-cygwin_util.c,v 1.6 2001/11/27 01:19:44 tim Exp $"); | 18 | RCSID("$Id: bsd-cygwin_util.c,v 1.7 2001/12/29 03:08:30 djm Exp $"); |
| 19 | 19 | ||
| 20 | #ifdef HAVE_CYGWIN | 20 | #ifdef HAVE_CYGWIN |
| 21 | 21 | ||
| @@ -58,7 +58,7 @@ int binary_pipe(int fd[2]) | |||
| 58 | return ret; | 58 | return ret; |
| 59 | } | 59 | } |
| 60 | 60 | ||
| 61 | int check_nt_auth(int pwd_authenticated, uid_t uid) | 61 | int check_nt_auth(int pwd_authenticated, struct passwd *pw) |
| 62 | { | 62 | { |
| 63 | /* | 63 | /* |
| 64 | * The only authentication which is able to change the user | 64 | * The only authentication which is able to change the user |
| @@ -73,6 +73,8 @@ int check_nt_auth(int pwd_authenticated, uid_t uid) | |||
| 73 | */ | 73 | */ |
| 74 | static int has_create_token = -1; | 74 | static int has_create_token = -1; |
| 75 | 75 | ||
| 76 | if (pw == NULL) | ||
| 77 | return 0; | ||
| 76 | if (is_winnt) { | 78 | if (is_winnt) { |
| 77 | if (has_create_token < 0) { | 79 | if (has_create_token < 0) { |
| 78 | struct utsname uts; | 80 | struct utsname uts; |
| @@ -90,7 +92,7 @@ int check_nt_auth(int pwd_authenticated, uid_t uid) | |||
| 90 | } | 92 | } |
| 91 | } | 93 | } |
| 92 | if (has_create_token < 1 && | 94 | if (has_create_token < 1 && |
| 93 | !pwd_authenticated && geteuid() != uid) | 95 | !pwd_authenticated && geteuid() != pw->pw_uid) |
| 94 | return 0; | 96 | return 0; |
| 95 | } | 97 | } |
| 96 | return 1; | 98 | return 1; |
diff --git a/openbsd-compat/bsd-cygwin_util.h b/openbsd-compat/bsd-cygwin_util.h index 24063d311..c3d90518f 100644 --- a/openbsd-compat/bsd-cygwin_util.h +++ b/openbsd-compat/bsd-cygwin_util.h | |||
| @@ -13,7 +13,7 @@ | |||
| 13 | * binary mode on Windows systems. | 13 | * binary mode on Windows systems. |
| 14 | */ | 14 | */ |
| 15 | 15 | ||
| 16 | /* $Id: bsd-cygwin_util.h,v 1.5 2001/11/27 01:19:44 tim Exp $ */ | 16 | /* $Id: bsd-cygwin_util.h,v 1.6 2001/12/29 03:08:30 djm Exp $ */ |
| 17 | 17 | ||
| 18 | #ifndef _BSD_CYGWIN_UTIL_H | 18 | #ifndef _BSD_CYGWIN_UTIL_H |
| 19 | #define _BSD_CYGWIN_UTIL_H | 19 | #define _BSD_CYGWIN_UTIL_H |
| @@ -24,7 +24,7 @@ | |||
| 24 | 24 | ||
| 25 | int binary_open(const char *filename, int flags, ...); | 25 | int binary_open(const char *filename, int flags, ...); |
| 26 | int binary_pipe(int fd[2]); | 26 | int binary_pipe(int fd[2]); |
| 27 | int check_nt_auth(int pwd_authenticated, uid_t uid); | 27 | int check_nt_auth(int pwd_authenticated, struct passwd *pw); |
| 28 | int check_ntsec(const char *filename); | 28 | int check_ntsec(const char *filename); |
| 29 | void register_9x_service(void); | 29 | void register_9x_service(void); |
| 30 | 30 | ||