
List:       freebsd-isp
Subject:    Again about logical bug in SSH2.0 & FBSD - patch
From:       Casper <casper () acc ! am>
Date:       1998-11-24 20:54:18

Below is a small patch I made. It has been working for about a week on my home
FreeBSD 3.0 - SNAP 16.08.98 /*- really old for a developer! :)-*/ machine,
and I have had no problems ...
I'll try to patch sftpd as soon as possible ...
Feel free to send all messages and suggestions to nightmar@acc.am


In the ssh distribution, in ./apps/ssh/sshchsession.c,
look for lines like these (beginning at /*line 695 of 1786 (38%),
character 21335 of 59636 (35%) */ in version 2.0.10) and apply the patch
provided:

[--cut--]
[-- original code --]
/* Get the user's shell, and the last component of it. */
shell = ssh_user_shell(session->common->user_data);
shell_no_path = strrchr(shell, '/');
if (shell_no_path)
  shell_no_path++;
else
  shell_no_path = shell;
                
/* Start the command. */
switch (op)
  {
   case SSH_SESSION_SHELL:
[-- end original code --]
[-- comment these lines -]
/*      Start the shell.  Set initial character to '-'. */
/*      buf[0] = '-';
     	strncpy(buf + 1, shell_no_path, sizeof(buf) - 1);
      	buf[sizeof(buf) - 1] = 0;*/
/* 	Execute the shell. */
/*      argv[0] = buf;
      	argv[1] = NULL;*/
/* 	print motd, if "PrintMotd yes" and it exists */
/*      if(session->common->config->print_motd)
        {
          f = fopen("/etc/motd", "r");
          if (f)
            {
              while (fgets(linebuf, sizeof(linebuf), f))
                fputs(linebuf, stdout);
              fclose(f);
            }
        }*/
      
/*  execve(shell, argv, env); */
[-- end comment these lines -]
[-- insert these lines     --]
      argv[0] = "/usr/bin/login";
      argv[1] = "-f";
      argv[2] = session->common->user;	/*-i didn't check the code that
generates this string and /usr/bin/login source, so potential
buffer 					  -overrun in login ... i hope that i'm wrong :) ... -*/
      argv[3] = NULL; 
      execve("/usr/bin/login", argv, env);
[-- end insert these lines --]
      /* Executing the shell failed. */
      perror(shell);
      exit(254);
[--cut--]
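
Review bot: argv[2] = session->common->user is handed to /usr/bin/login directly after "-f" with no check on its contents, so a name that begins with '-' would be read by login as another option rather than as the user to log in. Validate the string before the execve (reject a leading '-' and over-long names), or place a "--" element between "-f" and the name if login's option parsing accepts it; either way argv must have room for every element plus the terminating NULL, and its declaration is not visible in these lines. Separately, the failure path still calls perror(shell) although the program that failed to execute is now /usr/bin/login, so the error message names the wrong file, and with the motd block commented out this branch no longer honours the PrintMotd setting.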


See ya !
