From 22e22bf9bab94862c860ad4ed652f308dda63f81 Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Fri, 19 Jan 2001 15:46:38 +1100
Subject:  - (djm) Merge patch from Tim Waugh (via Nalin Dahyabhai
 <nalin@redhat.com>)    to fix NULL pointer deref and fake authloop breakage
 in PAM code.

---
 ChangeLog   | 2 ++
 auth-pam.c  | 8 ++++----
 auth-pam.h  | 2 +-
 auth1.c     | 2 +-
 auth2-pam.c | 8 +++-----
 auth2.c     | 5 ++++-
 6 files changed, 15 insertions(+), 12 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 8b5df6fde..261ca19ba 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -17,6 +17,8 @@
    - markus@cvs.openbsd.org 2001/01/18 17:12:43
      [auth-chall.c auth2-chall.c]
      rename *-skey.c *-chall.c since the files are not skey specific
+ - (djm) Merge patch from Tim Waugh (via Nalin Dahyabhai <nalin@redhat.com>)
+   to fix NULL pointer deref and fake authloop breakage in PAM code.
  
 20010118
  - (bal) Super Sized OpenBSD Resync
diff --git a/auth-pam.c b/auth-pam.c
index 07847cb9d..befb84c08 100644
--- a/auth-pam.c
+++ b/auth-pam.c
@@ -29,7 +29,7 @@
 #include "xmalloc.h"
 #include "servconf.h"
 
-RCSID("$Id: auth-pam.c,v 1.20 2000/12/20 02:34:49 djm Exp $");
+RCSID("$Id: auth-pam.c,v 1.21 2001/01/19 04:46:38 djm Exp $");
 
 #define NEW_AUTHTOK_MSG \
 	"Warning: Your password has expired, please change it now"
@@ -323,13 +323,13 @@ void finish_pam(void)
 }
 
 /* Start PAM authentication for specified account */
-void start_pam(struct passwd *pw)
+void start_pam(const char *user)
 {
 	int pam_retval;
 
-	debug("Starting up PAM with username \"%.200s\"", pw->pw_name);
+	debug("Starting up PAM with username \"%.200s\"", user);
 
-	pam_retval = pam_start(SSHD_PAM_SERVICE, pw->pw_name, &conv, &pamh);
+	pam_retval = pam_start(SSHD_PAM_SERVICE, user, &conv, &pamh);
 
 	if (pam_retval != PAM_SUCCESS) {
 		fatal("PAM initialisation failed[%d]: %.200s", 
diff --git a/auth-pam.h b/auth-pam.h
index ca261afeb..68d446592 100644
--- a/auth-pam.h
+++ b/auth-pam.h
@@ -3,7 +3,7 @@
 
 #include <pwd.h> /* For struct passwd */
 
-void start_pam(struct passwd *pw);
+void start_pam(const char *user);
 void finish_pam(void);
 int auth_pam_password(struct passwd *pw, const char *password);
 char **fetch_pam_environment(void);
diff --git a/auth1.c b/auth1.c
index 0f21c4c7c..ee165a442 100644
--- a/auth1.c
+++ b/auth1.c
@@ -414,7 +414,7 @@ do_authentication()
 
 #ifdef USE_PAM
 	if (pw)
-		start_pam(pw);
+		start_pam(user);
 #endif
 
 	/*
diff --git a/auth2-pam.c b/auth2-pam.c
index 498cc7461..d1d840972 100644
--- a/auth2-pam.c
+++ b/auth2-pam.c
@@ -1,5 +1,5 @@
 #include "includes.h"
-RCSID("$Id: auth2-pam.c,v 1.3 2001/01/19 04:26:52 mouring Exp $");
+RCSID("$Id: auth2-pam.c,v 1.4 2001/01/19 04:46:38 djm Exp $");
 
 #ifdef USE_PAM
 #include "ssh.h"
@@ -36,10 +36,8 @@ auth2_pam(Authctxt *authctxt)
 	if (authctxt->user == NULL)
 		fatal("auth2_pam: internal error: no user");
 
-	if (authctxt->valid) {
-		conv2.appdata_ptr = authctxt;
-		pam_set_conv(&conv2);
-	}
+	conv2.appdata_ptr = authctxt;
+	pam_set_conv(&conv2);
 
 	dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE,
 		     &input_userauth_info_response_pam);
diff --git a/auth2.c b/auth2.c
index 348c2f3a4..bab1c2ed8 100644
--- a/auth2.c
+++ b/auth2.c
@@ -210,10 +210,13 @@ input_userauth_request(int type, int plen, void *ctxt)
 			authctxt->valid = 1;
 			debug2("input_userauth_request: setting up authctxt for %s", user);
 #ifdef USE_PAM
-			start_pam(pw);
+			start_pam(pw->pw_name);
 #endif
 		} else {
 			log("input_userauth_request: illegal user %s", user);
+#ifdef USE_PAM
+			start_pam("NOUSER");
+#endif
 		}
 		authctxt->user = xstrdup(user);
 		authctxt->service = xstrdup(service);
-- 
cgit v1.2.3