From b9438bbc073e792547318c8e343923748536529c Mon Sep 17 00:00:00 2001
From: Colin Watson <cjwatson@debian.org>
Date: Fri, 29 Sep 2006 11:36:40 +0000
Subject:   - CVE-2006-5051: Fix an unsafe signal hander reported by Mark Dowd.
 The     signal handler was vulnerable to a race condition that could be    
 exploited to perform a pre-authentication denial of service. On     portable
 OpenSSH, this vulnerability could theoretically lead to    
 pre-authentication remote code execution if GSSAPI authentication is    
 enabled, but the likelihood of successful exploitation appears remote.

---
 session.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'session.c')

diff --git a/session.c b/session.c
index daad03929..3420db57d 100644
--- a/session.c
+++ b/session.c
@@ -2440,7 +2440,7 @@ do_cleanup(Authctxt *authctxt)
 		return;
 	called = 1;
 
-	if (authctxt == NULL)
+	if (authctxt == NULL || !authctxt->authenticated)
 		return;
 #ifdef KRB5
 	if (options.kerberos_ticket_cleanup &&
-- 
cgit v1.2.3