From nobody@FreeBSD.org  Sun Mar 11 22:07:26 2001
Return-Path: <nobody@FreeBSD.org>
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id 88DC037B718
	for <freebsd-gnats-submit@FreeBSD.org>; Sun, 11 Mar 2001 22:07:26 -0800 (PST)
	(envelope-from nobody@FreeBSD.org)
Received: (from nobody@localhost)
	by freefall.freebsd.org (8.11.1/8.11.1) id f2C67Qf40264;
	Sun, 11 Mar 2001 22:07:26 -0800 (PST)
	(envelope-from nobody)
Message-Id: <200103120607.f2C67Qf40264@freefall.freebsd.org>
Date: Sun, 11 Mar 2001 22:07:26 -0800 (PST)
From: seraf@2600.com
To: freebsd-gnats-submit@FreeBSD.org
Subject: OpenSSH on 4.2 dumps core from illegal user
X-Send-Pr-Version: www-1.0

>Number:         25722
>Category:       bin
>Synopsis:       OpenSSH on 4.2 dumps core from illegal user
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    green
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Mar 11 22:10:01 PST 2001
>Closed-Date:    Fri Jun 15 11:15:17 PDT 2001
>Last-Modified:  Fri Jun 15 11:15:45 PDT 2001
>Originator:     Dominick LaTrappe
>Release:        4.2-20010212-STABLE
>Organization:
>Environment:
FreeBSD pocks.tdl-m.sambuca 4.2-20010212-STABLE FreeBSD 4.2-20010212-STABLE #4: Wed Feb 13 08:09:25 UTC 2001     sysbuild@protopocks.tdl.dev.sambuca :/usr/src/sys/compile/POCKS_M  i386
>Description:
sshd in SSH-2 mode dumps core to the tune of signal 11 when an illegal username is attempted by the client. This has been tested with OpenSSH and lsh clients. The last log message entered is "input_userauth_request: illegal user [username]".
>How-To-Repeat:
ssh -2 aleistercrowley666@localhost
>Fix:
Dirty patch with strange coincidence of dates:

--- src/crypto/openssh/auth2.c.orig     Fri Jan 12 04:25:55 2001
+++ src/crypto/openssh/auth2.c  Mon Mar 12 05:23:10 2001
@@ -215,6 +215,9 @@
 #endif
                } else {
                        log("input_userauth_request: illegal user %s", user);
+                       log("Failed pwuser for %.200s from %.200s port %d ssh2",
+                           user, get_remote_ipaddr(), get_remote_port());
+                       packet_disconnect("Login unknown.");
                }
                authctxt->user = xstrdup(user);
                authctxt->service = xstrdup(service);

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->green 
Responsible-Changed-By: kris 
Responsible-Changed-When: Sun Mar 11 22:27:47 PST 2001 
Responsible-Changed-Why:  
Brian is the SSH maintainer 

http://www.freebsd.org/cgi/query-pr.cgi?pr=25722 

From: avn@any.ru
To: freebsd-gnats-submit@FreeBSD.org, seraf@2600.com
Cc:  
Subject: Re: bin/25722: OpenSSH on 4.2 dumps core from ille
Date: Thu, 14 Jun 2001 22:25:48 +0400 (MSD)

 This PR can be closed.
 (fixed in auth2.c 1.2.2.6)
 
State-Changed-From-To: open->closed 
State-Changed-By: roam 
State-Changed-When: Fri Jun 15 11:15:17 PDT 2001 
State-Changed-Why:  
Fixed quite some time ago. 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=25722 
>Unformatted:
