From b9438bbc073e792547318c8e343923748536529c Mon Sep 17 00:00:00 2001
From: Colin Watson
Date: Fri, 29 Sep 2006 11:36:40 +0000
Subject: - CVE-2006-5051: Fix an unsafe signal hander reported by Mark Dowd. The signal handler was vulnerable to a race condition that could be exploited to perform a pre-authentication denial of service. On portable OpenSSH, this vulnerability could theoretically lead to pre-authentication remote code execution if GSSAPI authentication is enabled, but the likelihood of successful exploitation appears remote.
---
 sshd.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
(limited to 'sshd.c')
diff --git a/sshd.c b/sshd.c
index 85b679d5e..b1776ef45 100644
--- a/sshd.c
+++ b/sshd.c
@@ -310,13 +310,11 @@ main_sigchld_handler(int sig)
 static void
 grace_alarm_handler(int sig)
 {
-	/* XXX no idea how fix this signal handler */
-
 	if (use_privsep && pmonitor != NULL && pmonitor->m_pid > 0)
 		kill(pmonitor->m_pid, SIGALRM);
 
 	/* Log error and exit. */
-	fatal("Timeout before authentication for %s", get_remote_ipaddr());
+	sigdie("Timeout before authentication for %s", get_remote_ipaddr());
 }
 
 /*
@@ -1797,6 +1795,7 @@ main(int ac, char **av)
 	 */
 	alarm(0);
 	signal(SIGALRM, SIG_DFL);
+	authctxt->authenticated = 1;
 	if (startup_pipe != -1) {
 		close(startup_pipe);
 		startup_pipe = -1;
-- 
cgit v1.2.3
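Review bot: Swapping fatal() for sigdie() removes the only comment that warned this function runs in signal context, so nothing now tells a maintainer why the handler must stay restricted to kill() and sigdie(). `get_remote_ipaddr()` is still evaluated inside the handler, which is only acceptable if the address has already been resolved and cached before the grace alarm can fire; that ordering is not visible in this hunk and should be stated rather than assumed. I would add a short comment above the `if`: `/* Signal context: only kill() and sigdie() are allowed here; get_remote_ipaddr() is expected to return the value cached earlier in main() -- confirm before adding anything else */`. grace_alarm_handler is fully contained in the hunk.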
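Review bot: The added `authctxt->authenticated = 1;` carries no comment connecting it to the handler change in the first hunk, so a reader cannot tell why the context is marked authenticated here rather than by the authentication code that produced it. It is also placed after `alarm(0)` and `signal(SIGALRM, SIG_DFL)`, so any consumer that checks the flag from the SIGALRM path would never observe it; if the flag is instead meant for the exit and cleanup paths, the comment should say so. Suggested comment on the new line: `/* Authentication is complete: record it on the context so later exit paths do not report a pre-auth timeout -- confirm which consumer reads this */`. main() starts and ends outside the hunk.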