Darren Tucker wrote:
Colin Watson wrote:
[snip bug details]

We're also seeing these symptoms on a server at work, although they're
highly intermittent and very difficult to track down.

I will look at this tomorrow.

I was sometimes able to reproduce this on Debian by connecting to the server with PreferredAuthentications=keyboard-interactive then *immediately* cancelling the authentication with ctrl-C.

After some digging I think I have found the cause: waitpid will return zero if the process has not exited and none of the conditions listed under "ERRORS" in the man page have been met. Attached is a patch to test for this too (which it should have done in the first place, sigh).

I have not been able to reproduce the problem with this patch.

(Interestingly, I was not able to reproduce it on Redhat by doing the same thing. I'm not sure why, but Debian is running on a faster, dual-CPU box so it could be a timing issue.)

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
Index: auth-pam.c
===================================================================
RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/auth-pam.c,v
retrieving revision 1.110
diff -u -p -r1.110 auth-pam.c
--- auth-pam.c  1 Jul 2004 04:00:15 -0000       1.110
+++ auth-pam.c  10 Jul 2004 02:58:58 -0000
@@ -113,11 +113,11 @@ sshpam_sigchld_handler(int sig)
        if (cleanup_ctxt == NULL)
                return; /* handler called after PAM cleanup, shouldn't happen */
        if (waitpid(cleanup_ctxt->pam_thread, &sshpam_thread_status, WNOHANG)
-            == -1) {
+            <= 0) {
                /* PAM thread has not exitted, privsep slave must have */
                kill(cleanup_ctxt->pam_thread, SIGTERM);
                if (waitpid(cleanup_ctxt->pam_thread, &sshpam_thread_status, 0)
-                   == -1)
+                   <= 0)
                        return; /* could not wait */
        }
        if (WIFSIGNALED(sshpam_thread_status) &&
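
Review bot: In the first waitpid() test, "<= 0" folds the error return (-1) and the still-running return (0 under WNOHANG) into one branch, so kill(cleanup_ctxt->pam_thread, SIGTERM) is also sent when waitpid() itself failed, for example with ECHILD when there is no child left to signal. Consider returning early (or checking errno) on -1 and sending SIGTERM only on 0, which is the case the "has not exitted" comment actually describes. The second call passes options 0, so it blocks and cannot return 0; "<= 0" there is harmless, but "== -1" with a retry on EINTR would state the intent more precisely, since this runs inside a signal handler.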

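The three waitpid() outcomes described in the message above, as an added example that is not part of the original post or of OpenSSH. The helper reap_or_terminate() and the demo child spawn_child() are hypothetical names; the helper handles 0 (child still running under WNOHANG) separately from -1 (error).

```c
/* Added example, not OpenSSH code; all function names here are hypothetical. */
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

enum reap_result { REAP_ERROR = -1, REAP_EXITED = 0, REAP_TERMINATED = 1 };

/* waitpid(..., WNOHANG) returns pid (reaped), 0 (still running) or -1 (error). */
static enum reap_result reap_or_terminate(pid_t pid, int *status)
{
    pid_t r;

    if (pid <= 0)
        return REAP_ERROR;        /* never wait on "any child" by accident */
    r = waitpid(pid, status, WNOHANG);
    if (r == pid)
        return REAP_EXITED;       /* already exited; *status is valid */
    if (r == -1)
        return REAP_ERROR;        /* e.g. ECHILD: no child left to signal */
    /* r == 0: the child exists but has not exited. Stop it, then block. */
    if (kill(pid, SIGTERM) == -1)
        return REAP_ERROR;
    do {
        r = waitpid(pid, status, 0);   /* blocking call: never returns 0 */
    } while (r == -1 && errno == EINTR);
    return r == pid ? REAP_TERMINATED : REAP_ERROR;
}

/* Constructed demo child: waits for a signal if linger != 0, else exits with 3. */
static pid_t spawn_child(int linger)
{
    pid_t pid = fork();

    if (pid == 0) {
        while (linger)
            pause();
        _exit(3);
    }
    return pid;
}

int main(void)
{
    int status = 0;
    enum reap_result res = reap_or_terminate(spawn_child(1), &status);

    printf("result=%d signalled=%d\n", res, WIFSIGNALED(status));
    return 0;
}
```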