Bug 902

Summary: get_remote_port() can kill sshd in auth_log()
Product: Portable OpenSSH Reporter: Pavel Kankovsky <peak>
Component: sshdAssignee: OpenSSH Bugzilla mailing list <openssh-bugs>
Status: CLOSED FIXED    
Severity: normal    
Priority: P2    
Version: 3.8.1p1   
Hardware: All   
OS: Linux   
Attachments:
Description Flags
proposed fix none

Description Pavel Kankovsky 2004-07-21 09:09:21 AEST 
The daemon calls get_remote_port() in auth_log(). If the client closes the
connection between the authentication failure and the invocation of auth_log()
(e.g. during PAM-enforced post-failure delay) then getpeername() fails (the
socket is not connected any longer), get_sock_port() kills the daemon (almost
silently only a debugging message!), and auth_log() is never finished.

One possible fix is to make get_remote_port() cache information in the same way
it is cached by get_remote_ipaddr().
Comment 1 Pavel Kankovsky 2004-07-21 09:10:07 AEST 
Created attachment 693 [details]
proposed fix
Comment 2 Damien Miller 2004-07-21 21:54:26 AEST 
Patch applied - thanks!