From cd70e1b8137023539df57b175b733341d8f4d776 Mon Sep 17 00:00:00 2001
From: Darren Tucker <dtucker@zip.com.au>
Date: Sun, 7 Mar 2010 23:05:17 +1100
Subject:    - dtucker@cvs.openbsd.org 2010/03/07 11:57:13      [auth-rhosts.c
 monitor.c monitor_wrap.c session.c auth-options.c sshd.c]      Hold
 authentication debug messages until after successful authentication.     
 Fixes an info leak of environment variables specified in authorized_keys,    
  reported by Jacob Appelbaum.  ok djm@

---
 monitor_wrap.c | 19 +------------------
 1 file changed, 1 insertion(+), 18 deletions(-)

(limited to 'monitor_wrap.c')

diff --git a/monitor_wrap.c b/monitor_wrap.c
index b8e8710f7..faeb02cfa 100644
--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor_wrap.c,v 1.68 2009/06/22 05:39:28 dtucker Exp $ */
+/* $OpenBSD: monitor_wrap.c,v 1.69 2010/03/07 11:57:13 dtucker Exp $ */
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
  * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -347,19 +347,6 @@ mm_auth_rhosts_rsa_key_allowed(struct passwd *pw, char *user,
 	return (ret);
 }
 
-static void
-mm_send_debug(Buffer *m)
-{
-	char *msg;
-
-	while (buffer_len(m)) {
-		msg = buffer_get_string(m, NULL);
-		debug3("%s: Sending debug: %s", __func__, msg);
-		packet_send_debug("%s", msg);
-		xfree(msg);
-	}
-}
-
 int
 mm_key_allowed(enum mm_keytype type, char *user, char *host, Key *key)
 {
@@ -393,9 +380,6 @@ mm_key_allowed(enum mm_keytype type, char *user, char *host, Key *key)
 	have_forced = buffer_get_int(&m);
 	forced_command = have_forced ? xstrdup("true") : NULL;
 
-	/* Send potential debug messages */
-	mm_send_debug(&m);
-
 	buffer_free(&m);
 
 	return (allowed);
@@ -1085,7 +1069,6 @@ mm_auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
 		*rkey = key;
 		xfree(blob);
 	}
-	mm_send_debug(&m);
 	buffer_free(&m);
 
 	return (allowed);
-- 
cgit v1.2.3