Bug 749 - Connection is dropped for invalid user
Summary: Connection is dropped for invalid user
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: sshd (show other bugs)
Version: -current
Hardware: Alpha AIX
: P2 normal
Assignee: OpenSSH Bugzilla mailing list
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2003-10-29 00:47 AEDT by Heinrich.Mislik
Modified: 2004-04-14 12:24 AEST (History)
0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Heinrich.Mislik 2003-10-29 00:47:33 AEDT 
If connecting to a server with an illegal userid und an rsa1 key, the connection
is dropped immediatly. Normaly, a wrong username will stay in the auth_loop and
keep requesting authentication from the user. The reason is in auth-rsa.c in
line 293:

         /* no user given */
         if (pw == NULL)
               return 0;

Invalid users nolonger are passwd as NULL-pointers, a faked pw struct is used
instead. This results in a call to temporarily_use_uid(pw) with the faked pw
struct, which fails with fatal().

As a patch I tried 

         /* no user given */
         if (pw == fakepw())
                 return 0;
which worked, but maybe is not the best solution.
Comment 1 Damien Miller 2003-11-16 17:19:00 AEDT 
I couldn't replicate this on Linux or OpenBSD, but the code was problematic.
Could you try one of the CVS snapshots? http://www.openssh.com/portable.html#cvs
Comment 2 Heinrich.Mislik 2003-11-18 07:27:13 AEDT 
I tried openssh-SNAP-20031118.tar.gz and the behavior is now OK. Illegal users are
kept in the autloop.
Comment 3 Damien Miller 2003-11-18 12:43:47 AEDT 
Thanks - fix will be in the next release.
Comment 4 Damien Miller 2004-04-14 12:24:19 AEST 
Mass change of RESOLVED bugs to CLOSED