[auth-rhosts.c monitor.c monitor_wrap.c session.c auth-options.c sshd.c]
     Hold authentication debug messages until after successful authentication.
     Fixes an info leak of environment variables specified in authorized_keys,
     reported by Jacob Appelbaum.  ok djm@
This commit is contained in:
Darren Tucker 2010-03-07 23:05:17 +11:00
parent ac0c4c9c1d
commit cd70e1b813
7 changed files with 16 additions and 52 deletions


@ -7,6 +7,12 @@
by permanently_set_uid. by permanently_set_uid.
- (dtucker) [session.c] Also initialize creds to NULL for handing to - (dtucker) [session.c] Also initialize creds to NULL for handing to
setpcred. setpcred.
- (dtucker) OpenBSD CVS Sync
- dtucker@cvs.openbsd.org 2010/03/07 11:57:13
[auth-rhosts.c monitor.c monitor_wrap.c session.c auth-options.c sshd.c]
Hold authentication debug messages until after successful authentication.
Fixes an info leak of environment variables specified in authorized_keys,
reported by Jacob Appelbaum. ok djm@
20100305 20100305
- OpenBSD CVS Sync - OpenBSD CVS Sync


@ -1,4 +1,4 @@
/* $OpenBSD: auth-options.c,v 1.47 2010/03/04 23:27:25 djm Exp $ */ /* $OpenBSD: auth-options.c,v 1.48 2010/03/07 11:57:13 dtucker Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -78,7 +78,6 @@ auth_clear_options(void)
} }
forced_tun_device = -1; forced_tun_device = -1;
channel_clear_permitted_opens(); channel_clear_permitted_opens();
auth_debug_reset();
} }
/* /*
@ -364,9 +363,6 @@ next_option:
/* Process the next option. */ /* Process the next option. */
} }
if (!use_privsep)
auth_debug_send();
/* grant access */ /* grant access */
return 1; return 1;
@ -376,9 +372,6 @@ bad_option:
auth_debug_add("Bad options in %.100s file, line %lu: %.50s", auth_debug_add("Bad options in %.100s file, line %lu: %.50s",
file, linenum, opts); file, linenum, opts);
if (!use_privsep)
auth_debug_send();
/* deny access */ /* deny access */
return 0; return 0;
} }


@ -1,4 +1,4 @@
/* $OpenBSD: auth-rhosts.c,v 1.43 2008/06/13 14:18:51 dtucker Exp $ */ /* $OpenBSD: auth-rhosts.c,v 1.44 2010/03/07 11:57:13 dtucker Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -317,11 +317,5 @@ int
auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname, auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname,
const char *ipaddr) const char *ipaddr)
{ {
int ret; return auth_rhosts2_raw(pw, client_user, hostname, ipaddr);
auth_debug_reset();
ret = auth_rhosts2_raw(pw, client_user, hostname, ipaddr);
if (!use_privsep)
auth_debug_send();
return ret;
} }
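Review bot: auth_rhosts2 is now a one-line pass-through to auth_rhosts2_raw, so the split between the two functions no longer expresses anything on its own. Unless other callers still need auth_rhosts2_raw directly (none are visible in this diff), the two could be merged; otherwise a short comment should say why the wrapper remains, e.g. `/* Debug output queued during the rhosts check is sent by do_authenticated() after login. */`. The whole function body is inside the hunk, but the callers are not.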


@ -1,4 +1,4 @@
/* $OpenBSD: monitor.c,v 1.105 2010/02/26 20:29:54 djm Exp $ */ /* $OpenBSD: monitor.c,v 1.106 2010/03/07 11:57:13 dtucker Exp $ */
/* /*
* Copyright 2002 Niels Provos <provos@citi.umich.edu> * Copyright 2002 Niels Provos <provos@citi.umich.edu>
* Copyright 2002 Markus Friedl <markus@openbsd.org> * Copyright 2002 Markus Friedl <markus@openbsd.org>
@ -997,17 +997,6 @@ mm_answer_pam_free_ctx(int sock, Buffer *m)
} }
#endif #endif
static void
mm_append_debug(Buffer *m)
{
if (auth_debug_init && buffer_len(&auth_debug)) {
debug3("%s: Appending debug messages for child", __func__);
buffer_append(m, buffer_ptr(&auth_debug),
buffer_len(&auth_debug));
buffer_clear(&auth_debug);
}
}
int int
mm_answer_keyallowed(int sock, Buffer *m) mm_answer_keyallowed(int sock, Buffer *m)
{ {
@ -1090,8 +1079,6 @@ mm_answer_keyallowed(int sock, Buffer *m)
buffer_put_int(m, allowed); buffer_put_int(m, allowed);
buffer_put_int(m, forced_command != NULL); buffer_put_int(m, forced_command != NULL);
mm_append_debug(m);
mm_request_send(sock, MONITOR_ANS_KEYALLOWED, m); mm_request_send(sock, MONITOR_ANS_KEYALLOWED, m);
if (type == MM_RSAHOSTKEY) if (type == MM_RSAHOSTKEY)
@ -1475,8 +1462,6 @@ mm_answer_rsa_keyallowed(int sock, Buffer *m)
if (key != NULL) if (key != NULL)
key_free(key); key_free(key);
mm_append_debug(m);
mm_request_send(sock, MONITOR_ANS_RSAKEYALLOWED, m); mm_request_send(sock, MONITOR_ANS_RSAKEYALLOWED, m);
monitor_permit(mon_dispatch, MONITOR_REQ_RSACHALLENGE, allowed); monitor_permit(mon_dispatch, MONITOR_REQ_RSACHALLENGE, allowed);


@ -1,4 +1,4 @@
/* $OpenBSD: monitor_wrap.c,v 1.68 2009/06/22 05:39:28 dtucker Exp $ */ /* $OpenBSD: monitor_wrap.c,v 1.69 2010/03/07 11:57:13 dtucker Exp $ */
/* /*
* Copyright 2002 Niels Provos <provos@citi.umich.edu> * Copyright 2002 Niels Provos <provos@citi.umich.edu>
* Copyright 2002 Markus Friedl <markus@openbsd.org> * Copyright 2002 Markus Friedl <markus@openbsd.org>
@ -347,19 +347,6 @@ mm_auth_rhosts_rsa_key_allowed(struct passwd *pw, char *user,
return (ret); return (ret);
} }
static void
mm_send_debug(Buffer *m)
{
char *msg;
while (buffer_len(m)) {
msg = buffer_get_string(m, NULL);
debug3("%s: Sending debug: %s", __func__, msg);
packet_send_debug("%s", msg);
xfree(msg);
}
}
int int
mm_key_allowed(enum mm_keytype type, char *user, char *host, Key *key) mm_key_allowed(enum mm_keytype type, char *user, char *host, Key *key)
{ {
@ -393,9 +380,6 @@ mm_key_allowed(enum mm_keytype type, char *user, char *host, Key *key)
have_forced = buffer_get_int(&m); have_forced = buffer_get_int(&m);
forced_command = have_forced ? xstrdup("true") : NULL; forced_command = have_forced ? xstrdup("true") : NULL;
/* Send potential debug messages */
mm_send_debug(&m);
buffer_free(&m); buffer_free(&m);
return (allowed); return (allowed);
@ -1085,7 +1069,6 @@ mm_auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
*rkey = key; *rkey = key;
xfree(blob); xfree(blob);
} }
mm_send_debug(&m);
buffer_free(&m); buffer_free(&m);
return (allowed); return (allowed);


@ -1,4 +1,4 @@
/* $OpenBSD: session.c,v 1.251 2010/01/12 08:33:17 dtucker Exp $ */ /* $OpenBSD: session.c,v 1.252 2010/03/07 11:57:13 dtucker Exp $ */
/* /*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved * All rights reserved
@ -271,6 +271,8 @@ do_authenticated(Authctxt *authctxt)
if (!no_port_forwarding_flag && options.allow_tcp_forwarding) if (!no_port_forwarding_flag && options.allow_tcp_forwarding)
channel_permit_all_opens(); channel_permit_all_opens();
auth_debug_send();
if (compat20) if (compat20)
do_authenticated2(authctxt); do_authenticated2(authctxt);
else else
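Review bot: The new auth_debug_send() call in do_authenticated is now the only point at which queued authentication debug messages reach the client, and it depends on the post-auth process holding the same buffer the messages were queued in; under privsep the messages are queued in the monitor, so this works only if the post-auth process is forked from it (inferred, the fork is outside this diff). A one-line comment would keep the call from being moved somewhere that assumption does not hold, e.g. `/* User is authenticated: deliver the debug messages queued during auth. */`. do_authenticated starts and ends outside the hunk.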

3
sshd.c

@ -1,4 +1,4 @@
/* $OpenBSD: sshd.c,v 1.373 2010/02/26 20:29:54 djm Exp $ */ /* $OpenBSD: sshd.c,v 1.374 2010/03/07 11:57:13 dtucker Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -1939,6 +1939,7 @@ main(int ac, char **av)
/* prepare buffer to collect messages to display to user after login */ /* prepare buffer to collect messages to display to user after login */
buffer_init(&loginmsg); buffer_init(&loginmsg);
auth_debug_reset();
if (use_privsep) if (use_privsep)
if (privsep_preauth(authctxt) == 1) if (privsep_preauth(authctxt) == 1)
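Review bot: auth_debug_reset() is now called once per connection here, while the per-attempt reset that auth_clear_options() used to do in auth-options.c has been removed, so messages queued by rejected keys (for example the "Bad options" message in auth_parse_options) stay in the buffer and are delivered together with those of the key that finally succeeds. Only the authenticated user sees them, so this is not a leak, but it is a behaviour change worth a comment on this line, e.g. `/* Queued until do_authenticated(); never sent to an unauthenticated client. */`. main continues outside the hunk.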