- dtucker@cvs.openbsd.org 2010/03/07 11:57:13

[auth-rhosts.c monitor.c monitor_wrap.c session.c auth-options.c sshd.c]
     Hold authentication debug messages until after successful authentication.
     Fixes an info leak of environment variables specified in authorized_keys,
     reported by Jacob Appelbaum.  ok djm@

ChangeLog

@@ -7,6 +7,12 @@
    by permanently_set_uid.
  - (dtucker) [session.c] Also initialize creds to NULL for handing to
     setpcred.
+ - (dtucker) OpenBSD CVS Sync
+   - dtucker@cvs.openbsd.org 2010/03/07 11:57:13
+     [auth-rhosts.c monitor.c monitor_wrap.c session.c auth-options.c sshd.c]
+     Hold authentication debug messages until after successful authentication.
+     Fixes an info leak of environment variables specified in authorized_keys,
+     reported by Jacob Appelbaum.  ok djm@
 
 20100305
  - OpenBSD CVS Sync

auth-options.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-options.c,v 1.47 2010/03/04 23:27:25 djm Exp $ */
+/* $OpenBSD: auth-options.c,v 1.48 2010/03/07 11:57:13 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -78,7 +78,6 @@ auth_clear_options(void)
 	}
 	forced_tun_device = -1;
 	channel_clear_permitted_opens();
-	auth_debug_reset();
 }
 
 /*
@@ -364,9 +363,6 @@ next_option:
 		/* Process the next option. */
 	}
 
-	if (!use_privsep)
-		auth_debug_send();
-
 	/* grant access */
 	return 1;
 
@@ -376,9 +372,6 @@ bad_option:
 	auth_debug_add("Bad options in %.100s file, line %lu: %.50s",
 	    file, linenum, opts);
 
-	if (!use_privsep)
-		auth_debug_send();
-
 	/* deny access */
 	return 0;
 }

auth-rhosts.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-rhosts.c,v 1.43 2008/06/13 14:18:51 dtucker Exp $ */
+/* $OpenBSD: auth-rhosts.c,v 1.44 2010/03/07 11:57:13 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -317,11 +317,5 @@ int
 auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname,
     const char *ipaddr)
 {
-	int ret;
-
-	auth_debug_reset();
-	ret = auth_rhosts2_raw(pw, client_user, hostname, ipaddr);
-	if (!use_privsep)
-		auth_debug_send();
-	return ret;
+       return auth_rhosts2_raw(pw, client_user, hostname, ipaddr);
 }

monitor.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.105 2010/02/26 20:29:54 djm Exp $ */
+/* $OpenBSD: monitor.c,v 1.106 2010/03/07 11:57:13 dtucker Exp $ */
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
  * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -997,17 +997,6 @@ mm_answer_pam_free_ctx(int sock, Buffer *m)
 }
 #endif
 
-static void
-mm_append_debug(Buffer *m)
-{
-	if (auth_debug_init && buffer_len(&auth_debug)) {
-		debug3("%s: Appending debug messages for child", __func__);
-		buffer_append(m, buffer_ptr(&auth_debug),
-		    buffer_len(&auth_debug));
-		buffer_clear(&auth_debug);
-	}
-}
-
 int
 mm_answer_keyallowed(int sock, Buffer *m)
 {
@@ -1090,8 +1079,6 @@ mm_answer_keyallowed(int sock, Buffer *m)
 	buffer_put_int(m, allowed);
 	buffer_put_int(m, forced_command != NULL);
 
-	mm_append_debug(m);
-
 	mm_request_send(sock, MONITOR_ANS_KEYALLOWED, m);
 
 	if (type == MM_RSAHOSTKEY)
@@ -1475,8 +1462,6 @@ mm_answer_rsa_keyallowed(int sock, Buffer *m)
 	if (key != NULL)
 		key_free(key);
 
-	mm_append_debug(m);
-
 	mm_request_send(sock, MONITOR_ANS_RSAKEYALLOWED, m);
 
 	monitor_permit(mon_dispatch, MONITOR_REQ_RSACHALLENGE, allowed);

monitor_wrap.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor_wrap.c,v 1.68 2009/06/22 05:39:28 dtucker Exp $ */
+/* $OpenBSD: monitor_wrap.c,v 1.69 2010/03/07 11:57:13 dtucker Exp $ */
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
  * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -347,19 +347,6 @@ mm_auth_rhosts_rsa_key_allowed(struct passwd *pw, char *user,
 	return (ret);
 }
 
-static void
-mm_send_debug(Buffer *m)
-{
-	char *msg;
-
-	while (buffer_len(m)) {
-		msg = buffer_get_string(m, NULL);
-		debug3("%s: Sending debug: %s", __func__, msg);
-		packet_send_debug("%s", msg);
-		xfree(msg);
-	}
-}
-
 int
 mm_key_allowed(enum mm_keytype type, char *user, char *host, Key *key)
 {
@@ -393,9 +380,6 @@ mm_key_allowed(enum mm_keytype type, char *user, char *host, Key *key)
 	have_forced = buffer_get_int(&m);
 	forced_command = have_forced ? xstrdup("true") : NULL;
 
-	/* Send potential debug messages */
-	mm_send_debug(&m);
-
 	buffer_free(&m);
 
 	return (allowed);
@@ -1085,7 +1069,6 @@ mm_auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
 		*rkey = key;
 		xfree(blob);
 	}
-	mm_send_debug(&m);
 	buffer_free(&m);
 
 	return (allowed);

session.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: session.c,v 1.251 2010/01/12 08:33:17 dtucker Exp $ */
+/* $OpenBSD: session.c,v 1.252 2010/03/07 11:57:13 dtucker Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -271,6 +271,8 @@ do_authenticated(Authctxt *authctxt)
 	if (!no_port_forwarding_flag && options.allow_tcp_forwarding)
 		channel_permit_all_opens();
 
+	auth_debug_send();
+
 	if (compat20)
 		do_authenticated2(authctxt);
 	else

sshd.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.373 2010/02/26 20:29:54 djm Exp $ */
+/* $OpenBSD: sshd.c,v 1.374 2010/03/07 11:57:13 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1939,6 +1939,7 @@ main(int ac, char **av)
 
 	/* prepare buffer to collect messages to display to user after login */
 	buffer_init(&loginmsg);
+	auth_debug_reset();
 
 	if (use_privsep)
 		if (privsep_preauth(authctxt) == 1)