3008 – pam_putenv used regardless of whether or not it is available

Bug 3008 - pam_putenv used regardless of whether or not it is available

Summary: pam_putenv used regardless of whether or not it is available

Status:	CLOSED FIXED

Alias:	None

Product:	Portable OpenSSH
Classification:	Unclassified
Component:	PAM support (show other bugs)
Version:	8.0p1
Hardware:	HPPA HP-UX

Importance:	P5 normal
Assignee:	Assigned to nobody

URL:
Keywords:

Depends on:
Blocks:	V_8_1
	Show dependency tree / graph

Reported:	2019-05-14 08:00 AEST by The Written Word
Modified:	2021-04-23 15:00 AEST (History)
CC List:	2 users (show)

See Also:

Attachments
Possible patch (1.08 KB, patch) 2019-05-14 08:03 AEST, The Written Word	no flags	Details \| Diff
Add no-op implementation of pam_putenv (1.23 KB, patch) 2019-05-14 10:59 AEST, Darren Tucker	djm: ok+	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description The Written Word 2019-05-14 08:00:18 AEST

configure.ac has:
                        AC_CHECK_FUNCS([pam_putenv])

yet auth-pam.c uses pam_putenv regardless:
        if (sshpam_rhost != NULL) {
                debug("PAM: setting PAM_RHOST to \"%s\"", sshpam_rhost);
                sshpam_err = pam_set_item(sshpam_handle, PAM_RHOST,
                    sshpam_rhost);
                if (sshpam_err != PAM_SUCCESS) {
                        pam_end(sshpam_handle, sshpam_err);
                        sshpam_handle = NULL;
                        return (-1);
                }
                /* Put SSH_CONNECTION in the PAM environment too */
                pam_putenv(sshpam_handle, sshpam_conninfo);
        }

This is despite earlier uses of pam_putenv being wrapped with #ifdef HAVE_PAM_PUTENV:
#ifdef HAVE_PAM_PUTENV
                /* Errors are not fatal here */
                if ((r = pam_putenv(sshpam_handle, env)) != PAM_SUCCESS) {
                        error("PAM: pam_putenv: %s",
                            pam_strerror(sshpam_handle, r));
                }
#endif

Comment 1 The Written Word 2019-05-14 08:03:09 AEST

Created attachment 3281 [details]
Possible patch

Comment 2 Darren Tucker 2019-05-14 10:59:01 AEST

Created attachment 3282 [details]
Add no-op implementation of pam_putenv

I think we would be better off adding a no-op implementation of pam_putenv similar to what we already do with pam_getenvlist.

Your diff has some other unrelated changes in configure.ac, what's the deal with those?

Comment 3 The Written Word 2019-05-14 11:01:12 AEST

(In reply to Darren Tucker from comment #2)
> Created attachment 3282 [details]
> Add no-op implementation of pam_putenv
> 
> I think we would be better off adding a no-op implementation of
> pam_putenv similar to what we already do with pam_getenvlist.
> 
> Your diff has some other unrelated changes in configure.ac, what's
> the deal with those?

Oops, my bad. Internal changes. Let me test your patch on our HP-UX systems.

Comment 4 Darren Tucker 2019-05-17 13:25:54 AEST

Thanks for the report.  Patch (attachment #3282 [details]) has been committed and will be in the next release.  I'm pretty sure that will resolve it, but if you discover any problems please reopen.

Comment 5 Damien Miller 2021-04-23 15:00:56 AEST

closing resolved bugs as of 8.6p1 release