- CVE-2006-5051: Fix an unsafe signal hander reported by Mark Dowd. The

signal handler was vulnerable to a race condition that could be exploited to perform a pre-authentication denial of service. On portable OpenSSH, this vulnerability could theoretically lead to pre-authentication remote code execution if GSSAPI authentication is enabled, but the likelihood of successful exploitation appears remote.
author: Colin Watson <cjwatson@debian.org> 2006-09-29 11:36:40 +0000
committer: Colin Watson <cjwatson@debian.org> 2006-09-29 11:36:40 +0000
commit: b9438bbc073e792547318c8e343923748536529c (patch)
tree: 267f9815b8386617219421d862be309b73758c6b /session.c
parent: 0b228013734983ec12ddaa535d42704b5e4cee90 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/session.c b/session.c
index daad03929..3420db57d 100644
--- a/session.c
+++ b/session.c
@@ -2440,7 +2440,7 @@ do_cleanup(Authctxt *authctxt)
                return;
        called = 1;
-        if (authctxt == NULL)
+        if (authctxt == NULL || !authctxt->authenticated)
                return;
 #ifdef KRB5
        if (options.kerberos_ticket_cleanup &&
author	Colin Watson <cjwatson@debian.org>	2006-09-29 11:36:40 +0000
committer	Colin Watson <cjwatson@debian.org>	2006-09-29 11:36:40 +0000
commit	b9438bbc073e792547318c8e343923748536529c (patch)
tree	267f9815b8386617219421d862be309b73758c6b /session.c
parent	0b228013734983ec12ddaa535d42704b5e4cee90 (diff)

diff --git a/session.c b/session.c index daad03929..3420db57d 100644 --- a/session.c +++ b/session.c
@@ -2440,7 +2440,7 @@ do_cleanup(Authctxt *authctxt)
2440	return;	2440	return;
2441	called = 1;	2441	called = 1;
2442		2442
2443	if (authctxt == NULL)	2443	if (authctxt == NULL \|\| !authctxt->authenticated)
2444	return;	2444	return;
2445	#ifdef KRB5	2445	#ifdef KRB5
2446	if (options.kerberos_ticket_cleanup &&	2446	if (options.kerberos_ticket_cleanup &&