From ryanb@bjorn.goddamnbastard.org  Tue Oct 23 11:21:06 2001
Return-Path: <ryanb@bjorn.goddamnbastard.org>
Received: from smtp-2.enteract.com (smtp-2.enteract.com [207.229.143.4])
	by hub.freebsd.org (Postfix) with ESMTP id E57EC37B401
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 23 Oct 2001 11:21:05 -0700 (PDT)
Received: from bjorn.goddamnbastard.org (bjorn.goddamnbastard.org [216.80.6.225])
	by smtp-2.enteract.com (Postfix) with SMTP id 0681B69C6
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 23 Oct 2001 13:21:05 -0500 (CDT)
Received: (qmail 23220 invoked by uid 1000); 23 Oct 2001 18:21:04 -0000
Message-Id: <20011023182104.23219.qmail@bjorn.goddamnbastard.org>
Date: 23 Oct 2001 18:21:04 -0000
From: ryanb@goddamnbastard.org
Reply-To: ryanb@goddamnbastard.org
To: FreeBSD-gnats-submit@freebsd.org
Subject: OpenSSH 2.9 login(1) support broken
X-Send-Pr-Version: 3.2

>Number:         31457
>Category:       bin
>Synopsis:       OpenSSH 2.9 login(1) support broken
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Oct 23 11:30:00 PDT 2001
>Closed-Date:    Tue Dec 4 10:24:56 PST 2001
>Last-Modified:  Tue Dec 04 10:26:23 PST 2001
>Originator:     ryan beasley
>Release:        FreeBSD 4.4-STABLE i386
>Organization:
>Environment:

    FreeBSD backup.enteract.com 4.4-STABLE FreeBSD 4.4-STABLE #1: Tue Oct 16 17:35:08 CDT 2001 ryanb@backup.enteract.com:/usr/obj/usr/src/sys/BACKUP  i386
    (snapshot taken at 2001.10.01 00:00:00 GMT)

    sshd version OpenSSH_2.9 FreeBSD localisations 20010713
    SSH Version OpenSSH_2.3.0 green@FreeBSD.org 20010321, protocol versions 1.5/2.0.  Compiled with SSL (0x0090601f)
    OpenSSH_2.9 FreeBSD localisations 20010713, SSH protocols 1.5/2.0, OpenSSL 0x0090601f

>Description:

    When UseLogin is set to 1 in sshd(8)'s config, all login attempts
    without a command to execute remotely cause the sshd child process
    to catch SIGSEGV and most likely dump core.  Peeking at such a dump,
    we find a problem in the code that handles setting up the user's
    environment.  Please check the following URL for what I think is
    useful debugging info.

    http://www.freebsd.org/cgi/getmsg.cgi?fetch=547458+0+/usr/local/www/db/text/2001/freebsd-stable/20011021.freebsd-stable

>How-To-Repeat:

    Easy.  Set UseLogin to yes in your sshd configuration and start the
    daemon.  Follow that up with a standard SSH login:

	server: backup
	client: akerfeldt

	> [ryanb@akerfeldt ~] $ date
	> Tue Oct 23 12:38:34 CDT 2001
	> [ryanb@akerfeldt ~] $ ssh backup
	> ryanb@backup's password: 
	> Connection to backup closed.
	> 
	> Oct 23 12:38:37 backup /kernel: pid 20327 (sshd), uid 0: exited on signal 11 (core dumped)


>Fix:

    I'm going to look into this again in the near future, but I have no
    idea whatsoever.
>Release-Note:
>Audit-Trail:

From: ryan beasley <ryanb@goddamnbastard.org>
To: freebsd-gnats-submit@freebsd.org
Cc:  
Subject: Re: bin/31457: OpenSSH 2.9 login(1) support broken
Date: Mon, 29 Oct 2001 16:38:52 -0600

     I initially mailed my patch to the wrong parties 2001.10.24.  Sorry
     'bout that.
 
     > You just gotta love pointer initialization.  After poking around for
     > a bit, I modified session.c to take care of proper declaration of
     > **env.  This will now call the initialization code at
     > session.c:1128.  :)
 
 -- 
 ryan beasley				<ryanb@goddamnbastard.org>
 professional fat bastard		http://www.goddamnbastard.org
 
 	GPG Key ID 0x36321D13 with fingerprint
 	2074 CEB8 68AD 351A 85E6  98EB 09BA 36D9 3632 1D13
 
 Attachment: patch
 
 --- src/crypto/openssh/session.c.orig	Wed Oct 24 00:35:57 2001
 +++ src/crypto/openssh/session.c	Wed Oct 24 00:36:26 2001
 @@ -1003,7 +1003,7 @@
  	char cmd[1024];
  	FILE *f = NULL;
  	u_int envsize, i;
 -	char **env;
 +	char **env = NULL;
  	extern char **environ;
  	struct stat st;
  	char *argv[10];
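 
 Review bot: envsize, declared on the line above `char **env = NULL;`, is still left uninitialized in this hunk, so the fix is only safe if the lazy-initialization code the submitter points at (session.c:1128) assigns envsize whenever it allocates env for the first time rather than reading it first; the hunk would be easier to review with that context included. A short comment at the declaration, e.g. `char **env = NULL;	/* allocated lazily on the UseLogin path */`, would also tell future readers why the initializer matters here, since nothing else in this hunk shows that env is tested against NULL before use.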
 
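As an added example, not sshd's code and not the submitter's patch, the following models the pattern the report and the one-line fix describe: an environment array that is allocated lazily when its pointer is NULL, so that an uninitialised `char **env` holding stack garbage skips the allocation and faults on the first dereference, while `char **env = NULL` takes the setup path. The function names (`child_set_env`, `env_get`, `env_free`, `build_login_env`), the `ENV_GROW` constant and the sample variable values are this example's own and are not taken from sshd.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Added example, not sshd's code: a model of the pattern behind the report.
 * The environment handed to the login(1) child is allocated lazily, keyed on
 * the pointer being NULL.  With `char **env;` left indeterminate the NULL
 * check reads stack garbage, skips the allocation, and the first env[i]
 * dereference faults (the SIGSEGV in the report).  With `char **env = NULL;`
 * the lazy allocation runs.  All names here are hypothetical.
 */

#define ENV_GROW 8	/* small so the demo exercises the realloc path */

/* Abort on allocation failure; keeps the callers below readable. */
static void *must(void *p) { if (p == NULL) { perror("alloc"); exit(1); } return p; }

/* Set NAME=VALUE: allocate on first use, replace an existing NAME, grow as needed. */
void
child_set_env(char ***envp, unsigned int *envsizep,
    const char *name, const char *value)
{
	char **env;
	size_t namelen = strlen(name), len;
	unsigned int i;

	if (*envp == NULL) {		/* only a NULL pointer triggers setup */
		*envsizep = ENV_GROW;
		*envp = must(calloc(*envsizep, sizeof(char *)));
	}
	env = *envp;
	for (i = 0; env[i] != NULL; i++)
		if (strncmp(env[i], name, namelen) == 0 && env[i][namelen] == '=')
			break;
	if (env[i] != NULL) {
		free(env[i]);		/* replace in place */
	} else {
		if (i + 1 >= *envsizep) {	/* room for entry plus terminator */
			*envsizep += ENV_GROW;
			env = *envp = must(realloc(env, *envsizep * sizeof(char *)));
		}
		env[i + 1] = NULL;
	}
	len = namelen + 1 + strlen(value) + 1;
	env[i] = must(malloc(len));
	snprintf(env[i], len, "%s=%s", name, value);
}

/* Value of NAME, or NULL if absent or if env is NULL. */
const char *
env_get(char **env, const char *name)
{
	size_t namelen = strlen(name);
	unsigned int i;

	for (i = 0; env != NULL && env[i] != NULL; i++)
		if (strncmp(env[i], name, namelen) == 0 && env[i][namelen] == '=')
			return env[i] + namelen + 1;
	return NULL;
}

void
env_free(char **env)
{
	unsigned int i;

	for (i = 0; env != NULL && env[i] != NULL; i++)
		free(env[i]);
	free(env);		/* free(NULL) is a no-op */
}

/* Build a constructed sample environment; the `= NULL` initialiser is the point. */
char **
build_login_env(unsigned int *envsizep)
{
	char **env = NULL;	/* the fix: NULL, not an indeterminate stack value */
	char var[8];
	int n;

	*envsizep = 0;
	child_set_env(&env, envsizep, "USER", "ryanb");
	child_set_env(&env, envsizep, "HOME", "/home/ryanb");
	child_set_env(&env, envsizep, "SHELL", "/bin/sh");
	child_set_env(&env, envsizep, "SHELL", "/bin/tcsh");	/* replaced, not added */
	for (n = 0; n < 10; n++) {		/* push past ENV_GROW to force a realloc */
		snprintf(var, sizeof var, "V%d", n);
		child_set_env(&env, envsizep, var, "x");
	}
	return env;
}

int
main(void)
{
	unsigned int envsize;
	char **env = build_login_env(&envsize);

	printf("SHELL=%s, array size %u\n", env_get(env, "SHELL"), envsize);
	env_free(env);
	return 0;
}
```

The check `*envp == NULL` is the whole safety net, and it lives in the callee: a compiler warning such as `-Wuninitialized` only sees uninitialised reads within one function, so nothing at compile time complains when a caller passes the address of an uninitialised `env`. A run under a memory checker (Valgrind reports a conditional jump on an uninitialised value) is what surfaces this class of bug before it becomes a core dump on the sshd child.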

From: ryan beasley <ryanb@goddamnbastard.org>
To: freebsd-gnats-submit@FreeBSD.org
Cc:  
Subject: Re: bin/31457: OpenSSH 2.9 login(1) support broken
Date: Tue, 4 Dec 2001 12:18:29 -0600

     dwmalone committed a patch in version 1.4.2.10.  Feel free to close
     this report out.  <g>
 
State-Changed-From-To: open->closed 
State-Changed-By: dwmalone 
State-Changed-When: Tue Dec 4 10:24:56 PST 2001 
State-Changed-Why:  
Patch committed in both -current and -stable. 
(Sorry I didn't notice this PR when I was committing the patch.) 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=31457 
>Unformatted:
