- dtucker@cvs.openbsd.org 2010/03/07 11:57:13

     [auth-rhosts.c monitor.c monitor_wrap.c session.c auth-options.c sshd.c]
     Hold authentication debug messages until after successful authentication.
     Fixes an info leak of environment variables specified in authorized_keys,
     reported by Jacob Appelbaum.  ok djm@

1 files changed, 1 insertions, 18 deletions

diff --git a/monitor_wrap.c b/monitor_wrap.c
index b8e8710f7..faeb02cfa 100644
--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor_wrap.c,v 1.68 2009/06/22 05:39:28 dtucker Exp $ */
+/* $OpenBSD: monitor_wrap.c,v 1.69 2010/03/07 11:57:13 dtucker Exp $ */
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
  * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -347,19 +347,6 @@ mm_auth_rhosts_rsa_key_allowed(struct passwd *pw, char *user,
         return (ret);
 }
 
-static void
-mm_send_debug(Buffer *m)
-{
-        char *msg;
-
-        while (buffer_len(m)) {
-                msg = buffer_get_string(m, NULL);
-                debug3("%s: Sending debug: %s", __func__, msg);
-                packet_send_debug("%s", msg);
-                xfree(msg);
-        }
-}
-
 int
 mm_key_allowed(enum mm_keytype type, char *user, char *host, Key *key)
 {
@@ -393,9 +380,6 @@ mm_key_allowed(enum mm_keytype type, char *user, char *host, Key *key)
         have_forced = buffer_get_int(&m);
         forced_command = have_forced ? xstrdup("true") : NULL;
 
-        /* Send potential debug messages */
-        mm_send_debug(&m);
-
         buffer_free(&m);
 
         return (allowed);
@@ -1085,7 +1069,6 @@ mm_auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
                 *rkey = key;
                 xfree(blob);
         }
-        mm_send_debug(&m);
         buffer_free(&m);
 
         return (allowed);