[Bug 2655] New: AuthorizedKeysCommand with large output can deadlock

[bugzilla-daemon]

https://bugzilla.mindrot.org/show_bug.cgi?id=2655

Bug ID: 2655
   Summary: AuthorizedKeysCommand with large output can deadlock
   Product: Portable OpenSSH
   Version: 7.2p2
  Hardware: All
OS: Linux
Status: NEW
  Severity: normal
  Priority: P5
 Component: sshd
  Assignee: unassigned-b...@mindrot.org
  Reporter: jbon...@gmail.com

If an AuthorizedKeysCommand produces a large amount of output, a
deadlock can result. The relevant code is in auth2-pubkey.c, beginning
at line 1041:

if ((pid = subprocess("AuthorizedKeysCommand", pw, command,
ac, av, )) == 0)
goto out;

uid_swapped = 1;
temporarily_use_uid(pw);

ok = check_authkeys_file(f, options.authorized_keys_command,
key, pw);

if (exited_cleanly(pid, "AuthorizedKeysCommand", command) != 0)
goto out;

Upon finding the correct public key in the command's output, we
immediately wait() for the command to exit. However, the command may
continue to generate output; if the subsequent output is large enough
to fill up the pipe's buffer, the command will block on write() and
never exit, resulting in deadlock.

I believe adding "fclose(f); f = NULL;" after the check_authkeys_file()
call will fix this. (There was indeed an fclose() after the
check_authkeys_file() call prior to v1.50 of auth2-pubkey.c)

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 2319] [PATCH REVIEW] U2F authentication

[bugzilla-daemon]

https://bugzilla.mindrot.org/show_bug.cgi?id=2319

Fernando Herrera  changed:

   What|Removed |Added

 CC||fherr...@onirica.com

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs