- CVE-2006-5051: Fix an unsafe signal hander reported by Mark Dowd. The

signal handler was vulnerable to a race condition that could be exploited to perform a pre-authentication denial of service. On portable OpenSSH, this vulnerability could theoretically lead to pre-authentication remote code execution if GSSAPI authentication is enabled, but the likelihood of successful exploitation appears remote.
author: Colin Watson <cjwatson@debian.org> 2006-09-29 11:36:40 +0000
committer: Colin Watson <cjwatson@debian.org> 2006-09-29 11:36:40 +0000
commit: b9438bbc073e792547318c8e343923748536529c (patch)
tree: 267f9815b8386617219421d862be309b73758c6b /sshd.c
parent: 0b228013734983ec12ddaa535d42704b5e4cee90 (diff)
1 files changed, 2 insertions, 3 deletions
diff --git a/sshd.c b/sshd.c
index 85b679d5e..b1776ef45 100644
--- a/sshd.c
+++ b/sshd.c
@@ -310,13 +310,11 @@ main_sigchld_handler(int sig)
 static void
 grace_alarm_handler(int sig)
 {
-        /* XXX no idea how fix this signal handler */
        if (use_privsep && pmonitor != NULL && pmonitor->m_pid > 0)
                kill(pmonitor->m_pid, SIGALRM);
        /* Log error and exit. */
-        fatal("Timeout before authentication for %s", get_remote_ipaddr());
+        sigdie("Timeout before authentication for %s", get_remote_ipaddr());
 }
 /*
@@ -1797,6 +1795,7 @@ main(int ac, char **av)
         */
        alarm(0);
        signal(SIGALRM, SIG_DFL);
+        authctxt->authenticated = 1;
        if (startup_pipe != -1) {
                close(startup_pipe);
                startup_pipe = -1;
author	Colin Watson <cjwatson@debian.org>	2006-09-29 11:36:40 +0000
committer	Colin Watson <cjwatson@debian.org>	2006-09-29 11:36:40 +0000
commit	b9438bbc073e792547318c8e343923748536529c (patch)
tree	267f9815b8386617219421d862be309b73758c6b /sshd.c
parent	0b228013734983ec12ddaa535d42704b5e4cee90 (diff)