diff --git a/ChangeLog b/ChangeLog index bcacfc564..3b78b88af 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20011229 + - (djm) Apply Cygwin pointer deref fix from Corinna Vinschen + Could be abused to guess valid usernames + 20011228 - (djm) Remove recommendation to use GNU make, we should support most make programs. @@ -7108,4 +7112,4 @@ - Wrote replacements for strlcpy and mkdtemp - Released 1.0pre1 -$Id: ChangeLog,v 1.1709 2001/12/27 22:57:33 djm Exp $ +$Id: ChangeLog,v 1.1710 2001/12/29 03:08:28 djm Exp $ diff --git a/auth1.c b/auth1.c index d7e80c28a..3aac26fcc 100644 --- a/auth1.c +++ b/auth1.c @@ -313,9 +313,9 @@ do_authloop(Authctxt *authctxt) #ifdef HAVE_CYGWIN if (authenticated && - !check_nt_auth(type == SSH_CMSG_AUTH_PASSWORD,pw->pw_uid)) { + !check_nt_auth(type == SSH_CMSG_AUTH_PASSWORD, pw)) { packet_disconnect("Authentication rejected for uid %d.", - (int)pw->pw_uid); + pw == NULL ? -1 : pw->pw_uid); authenticated = 0; } #else diff --git a/auth2.c b/auth2.c index b564a8f3c..2b23651ff 100644 --- a/auth2.c +++ b/auth2.c @@ -335,7 +335,7 @@ userauth_none(Authctxt *authctxt) return(0); #ifdef HAVE_CYGWIN - if (check_nt_auth(1, authctxt->pw->pw_uid) == 0) + if (check_nt_auth(1, authctxt->pw) == 0) return(0); #endif #ifdef USE_PAM @@ -361,7 +361,7 @@ userauth_passwd(Authctxt *authctxt) packet_done(); if (authctxt->valid && #ifdef HAVE_CYGWIN - check_nt_auth(1, authctxt->pw->pw_uid) && + check_nt_auth(1, authctxt->pw) && #endif #ifdef USE_PAM auth_pam_password(authctxt->pw, password) == 1) @@ -398,7 +398,7 @@ userauth_kbdint(Authctxt *authctxt) xfree(devs); xfree(lang); #ifdef HAVE_CYGWIN - if (check_nt_auth(0, authctxt->pw->pw_uid) == 0) + if (check_nt_auth(0, authctxt->pw) == 0) return(0); #endif return authenticated; @@ -504,7 +504,7 @@ userauth_pubkey(Authctxt *authctxt) xfree(pkalg); xfree(pkblob); #ifdef HAVE_CYGWIN - if (check_nt_auth(0, authctxt->pw->pw_uid) == 0) + if (check_nt_auth(0, authctxt->pw) == 0) return(0); #endif return authenticated; diff --git a/openbsd-compat/bsd-cygwin_util.c b/openbsd-compat/bsd-cygwin_util.c index 6d6aafa4f..b12725773 100644 --- a/openbsd-compat/bsd-cygwin_util.c +++ b/openbsd-compat/bsd-cygwin_util.c @@ -15,7 +15,7 @@ #include "includes.h" -RCSID("$Id: bsd-cygwin_util.c,v 1.6 2001/11/27 01:19:44 tim Exp $"); +RCSID("$Id: bsd-cygwin_util.c,v 1.7 2001/12/29 03:08:30 djm Exp $"); #ifdef HAVE_CYGWIN @@ -58,7 +58,7 @@ int binary_pipe(int fd[2]) return ret; } -int check_nt_auth(int pwd_authenticated, uid_t uid) +int check_nt_auth(int pwd_authenticated, struct passwd *pw) { /* * The only authentication which is able to change the user @@ -73,6 +73,8 @@ int check_nt_auth(int pwd_authenticated, uid_t uid) */ static int has_create_token = -1; + if (pw == NULL) + return 0; if (is_winnt) { if (has_create_token < 0) { struct utsname uts; @@ -90,7 +92,7 @@ int check_nt_auth(int pwd_authenticated, uid_t uid) } } if (has_create_token < 1 && - !pwd_authenticated && geteuid() != uid) + !pwd_authenticated && geteuid() != pw->pw_uid) return 0; } return 1; diff --git a/openbsd-compat/bsd-cygwin_util.h b/openbsd-compat/bsd-cygwin_util.h index 24063d311..c3d90518f 100644 --- a/openbsd-compat/bsd-cygwin_util.h +++ b/openbsd-compat/bsd-cygwin_util.h @@ -13,7 +13,7 @@ * binary mode on Windows systems. */ -/* $Id: bsd-cygwin_util.h,v 1.5 2001/11/27 01:19:44 tim Exp $ */ +/* $Id: bsd-cygwin_util.h,v 1.6 2001/12/29 03:08:30 djm Exp $ */ #ifndef _BSD_CYGWIN_UTIL_H #define _BSD_CYGWIN_UTIL_H @@ -24,7 +24,7 @@ int binary_open(const char *filename, int flags, ...); int binary_pipe(int fd[2]); -int check_nt_auth(int pwd_authenticated, uid_t uid); +int check_nt_auth(int pwd_authenticated, struct passwd *pw); int check_ntsec(const char *filename); void register_9x_service(void);