https://bugzilla.mindrot.org/show_bug.cgi?id=2655
Bug ID: 2655
Summary: AuthorizedKeysCommand with large output can deadlock
Product: Portable OpenSSH
Version: 7.2p2
Hardware: All
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: sshd
Assignee: unassigned-b...@mindrot.org
Reporter: jbon...@gmail.com

If an AuthorizedKeysCommand produces a large amount of output, a deadlock can result. The relevant code is in auth2-pubkey.c, beginning at line 1041:

    if ((pid = subprocess("AuthorizedKeysCommand", pw, command,
        ac, av, &f)) == 0)
            goto out;

    uid_swapped = 1;
    temporarily_use_uid(pw);

    ok = check_authkeys_file(f, options.authorized_keys_command, key, pw);

    if (exited_cleanly(pid, "AuthorizedKeysCommand", command) != 0)
            goto out;

Upon finding the correct public key in the command's output, we immediately wait() for the command to exit. However, the command may continue to generate output; if the subsequent output is large enough to fill up the pipe's buffer, the command will block on write() and never exit, resulting in deadlock.

I believe adding "fclose(f); f = NULL;" after the check_authkeys_file() call will fix this.

(There was indeed an fclose() after the check_authkeys_file() call prior to v1.50 of auth2-pubkey.c)
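The hang described in this report can be reproduced in isolation. The following is an added example, not part of the report and not OpenSSH code: a constructed child (`noisy_command`, a hypothetical stand-in for an AuthorizedKeysCommand) writes more than a pipe buffer holds, and `child_ends_after_match` (also hypothetical) reads one line and then waits, with or without closing the read end first. The wait is bounded at about one second and a stuck child is killed so that the demonstration terminates.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <string.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

/* Constructed stand-in for an AuthorizedKeysCommand that emits 4 MiB,
 * far more than a pipe buffer holds. */
static void noisy_command(int wfd)
{
	char line[1024];
	memset(line, 'k', sizeof(line));
	line[sizeof(line) - 1] = '\n';
	for (int i = 0; i < 4096; i++)
		if (write(wfd, line, sizeof(line)) < 0)
			_exit(1);	/* EPIPE if SIGPIPE is ignored */
	_exit(0);
}

/* Read the first line (the "match"), optionally close the read end, then
 * wait up to ~1 s. Returns 1 if the child ended on its own, 0 if it was
 * stuck in write() and had to be killed, -1 on setup failure. */
int child_ends_after_match(int close_first)
{
	struct timespec tick = { 0, 100 * 1000 * 1000 };
	char buf[1024];
	int p[2], ended = 0;
	pid_t pid;
	if (pipe(p) < 0 || (pid = fork()) < 0)
		return -1;
	if (pid == 0) {
		close(p[0]);
		noisy_command(p[1]);	/* never returns */
	}
	close(p[1]);
	if (read(p[0], buf, sizeof(buf)) <= 0)
		return -1;
	if (close_first)
		close(p[0]);	/* counterpart of the proposed fclose(f) */
	for (int i = 0; i < 10 && !(ended = waitpid(pid, NULL, WNOHANG) == pid); i++)
		nanosleep(&tick, NULL);
	if (!ended) {
		kill(pid, SIGKILL);	/* a blocking wait() here would hang forever */
		waitpid(pid, NULL, 0);
	}
	if (!close_first)
		close(p[0]);
	return ended;
}
```

With `close_first` set to 0 the child stays blocked in write() until it is killed; with 1 it is ended by SIGPIPE (or EPIPE) as soon as the read end closes.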