diff options
author | dtucker <dtucker> | 2010-03-07 12:05:17 +0000 |
---|---|---|
committer | dtucker <dtucker> | 2010-03-07 12:05:17 +0000 |
commit | 456727ae07a7dbd6d6eb9e4fd9521e012d1d0771 (patch) | |
tree | 3fc4d5387db7fa7c2b54a974cd530c8ae1b4b954 /monitor_wrap.c | |
parent | d3d69a5b9aa364abaedfdfac4a434bdbc63cd968 (diff) | |
download | openssh-456727ae07a7dbd6d6eb9e4fd9521e012d1d0771.tar.gz |
- dtucker@cvs.openbsd.org 2010/03/07 11:57:13
[auth-rhosts.c monitor.c monitor_wrap.c session.c auth-options.c sshd.c]
Hold authentication debug messages until after successful authentication.
Fixes an info leak of environment variables specified in authorized_keys,
reported by Jacob Appelbaum. ok djm@
Diffstat (limited to 'monitor_wrap.c')
-rw-r--r-- | monitor_wrap.c | 19 |
1 files changed, 1 insertions, 18 deletions
diff --git a/monitor_wrap.c b/monitor_wrap.c index b8e8710f..faeb02cf 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_wrap.c,v 1.68 2009/06/22 05:39:28 dtucker Exp $ */ +/* $OpenBSD: monitor_wrap.c,v 1.69 2010/03/07 11:57:13 dtucker Exp $ */ /* * Copyright 2002 Niels Provos <provos@citi.umich.edu> * Copyright 2002 Markus Friedl <markus@openbsd.org> @@ -347,19 +347,6 @@ mm_auth_rhosts_rsa_key_allowed(struct passwd *pw, char *user, return (ret); } -static void -mm_send_debug(Buffer *m) -{ - char *msg; - - while (buffer_len(m)) { - msg = buffer_get_string(m, NULL); - debug3("%s: Sending debug: %s", __func__, msg); - packet_send_debug("%s", msg); - xfree(msg); - } -} - int mm_key_allowed(enum mm_keytype type, char *user, char *host, Key *key) { @@ -393,9 +380,6 @@ mm_key_allowed(enum mm_keytype type, char *user, char *host, Key *key) have_forced = buffer_get_int(&m); forced_command = have_forced ? xstrdup("true") : NULL; - /* Send potential debug messages */ - mm_send_debug(&m); - buffer_free(&m); return (allowed); @@ -1085,7 +1069,6 @@ mm_auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey) *rkey = key; xfree(blob); } - mm_send_debug(&m); buffer_free(&m); return (allowed); |