- Merged changes from OpenBSD CVS

  - [sshd.c] session_key_int may be zero

diff --git a/ChangeLog b/ChangeLog
index 4971a44212cf9eb515eb9d78f46a35f34a136b00..2d702dca435bd7b87c79eeea9fd3c8750ad00579 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+19991112
+ - Merged changes from OpenBSD CVS
+   - [sshd.c] session_key_int may be zero
+
 19991111
  - Added (untested) Entropy Gathering Daemon (EGD) support
  - Fixed fd leak
@@ -15,7 +19,12 @@
      [ssh.1 ssh.c ssh.h sshd.8]
      add LogLevel {QUIET, FATAL, ERROR, INFO, CHAT, DEBUG} to ssh/sshd,
      obsoletes QuietMode and FascistLogging in sshd.
-     
+   - [sshd.c] fix fatal/assert() bug reported by damien@ibs.com.au:
+     allow session_key_int != sizeof(session_key)
+     [this should fix the pre-assert-removal-core-files]
+ - Updated default config file to use new LogLevel option and to improve
+   readability
+
 19991110
  - Merged several minor fixed:
    - ssh-agent commandline parsing

diff --git a/configure.in b/configure.in
index 244a3ce18e2577cf7fab937e63de1c06b6653af0..e679df45bb8e21c737c9ed17d7c5b518f19094b5 100644 (file)
--- a/configure.in
+++ b/configure.in
@@ -59,7 +59,7 @@ AC_CHECK_HEADERS(pty.h endian.h paths.h lastlog.h)
 
 dnl Checks for library functions.
 AC_PROG_GCC_TRADITIONAL
-AC_CHECK_FUNCS(openpty strlcpy mkdtemp arc4random setproctitle)
+AC_CHECK_FUNCS(openpty strlcpy mkdtemp arc4random setproctitle setlogin)
 
 dnl Check for ut_host field in utmp
 AC_MSG_CHECKING([whether utmp.h has ut_host field])

diff --git a/sshd.c b/sshd.c
index 0f440c95ee438f787ac3b4ffc6d4e91345e20c93..86864c101a57fff08350ecff5e82c13521498af0 100644 (file)
--- a/sshd.c
+++ b/sshd.c
@@ -1025,7 +1025,7 @@ void do_connection(int privileged_port)
      key is in the highest bits. */
   BN_mask_bits(session_key_int, sizeof(session_key) * 8);
   len = BN_num_bytes(session_key_int);
-  if (len <= 0 || len > sizeof(session_key))
+  if (len < 0 || len > sizeof(session_key))
     fatal("do_connection: bad len: session_key_int %d > sizeof(session_key) %d",
          len, sizeof(session_key));
   memset(session_key, 0, sizeof(session_key));
@@ -1516,11 +1516,11 @@ do_authentication(char *user, int privileged_port)
        packet_disconnect("Too many authentication failures for %.100s from %.200s", 
           pw->pw_name, get_canonical_hostname());
       }
-
       /* Send a message indicating that the authentication attempt failed. */
       packet_start(SSH_SMSG_FAILURE);
       packet_send();
       packet_write_wait();
+
     }
 
   /* Check if the user is logging in as root and root logins are disallowed. */
@@ -2296,7 +2296,13 @@ void do_child(const char *command, struct passwd *pw, const char *term,
       if (pw->pw_uid != 0)
        exit(254);
     }
-#endif
+#endif /* HAVE_LIBPAM */
+
+#ifdef HAVE_SETLOGIN
+  /* Set login name in the kernel. */
+  if (setlogin(pw->pw_name) < 0)
+    error("setlogin failed: %s", strerror(errno));
+#endif /* HAVE_SETLOGIN */
 
   /* Set uid, gid, and groups. */
   /* Login(1) does this as well, and it needs uid 0 for the "-h" switch,
@@ -2403,10 +2409,10 @@ void do_child(const char *command, struct passwd *pw, const char *term,
 
 #ifdef KRB4
   {
-        extern char *ticket;
-        
-        if (ticket)
-               child_set_env(&env, &envsize, "KRBTKFILE", ticket);
+    extern char *ticket;
+    
+    if (ticket)
+      child_set_env(&env, &envsize, "KRBTKFILE", ticket);
   }
 #endif /* KRB4 */
 
@@ -2440,7 +2446,7 @@ void do_child(const char *command, struct passwd *pw, const char *term,
   if (auth_get_socket_name() != NULL)
       child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME, 
                    auth_get_socket_name());
-  
+
   /* Read $HOME/.ssh/environment. */
   if(!options.use_login) {
     snprintf(buf, sizeof buf, "%.200s/.ssh/environment", pw->pw_dir);
@@ -2578,7 +2584,6 @@ void do_child(const char *command, struct passwd *pw, const char *term,
             }
           }
         }
-
         /* Start the shell.  Set initial character to '-'. */
         buf[0] = '-';
         strncpy(buf + 1, cp, sizeof(buf) - 1);