Subject: shadow bugs in ssh2/ssh1
From: Frank Cusack <fcusack@iconnet.net>
Date: Mon, 14 Sep 1998 23:50:21 GMT

Both ssh1 and ssh2 have bugs in the handling of shadow passwords.
Here is the fix for ssh1.2.26; the fix is the same for ssh2 but in a
different file. Also ssh2 has a bug in nis+ handling, related to the
shadow bug. Due to the restrictive licensing I can't use ssh2 and
since ssh comm sec ltd is a commercial enterprise they can find/fix it
themselves.

Comments:

Under Solaris, pw->pw_passwd is defined to be invalid. However,
in some cases getpwnam() will return a value for this. It should
be ignored.

For other systems, if getspnam() is defined (and thus
HAVE_ETC_SHADOW is defined), then it should be definitive.
Unfortunately, this may not be the case under IRIX, so this
fix will break IRIX installations w/o /etc/shadow. IMHO, anyone
not running IRIX w/ shadow files needs to fix that anyway.

~frank

*** auth-passwd.c.orig  Wed Jul  8 12:40:35 1998
--- auth-passwd.c       Mon Sep 14 19:41:50 1998
***************
*** 702,709 ****
--- 702,712 ----
       password code. */
  #endif /* HAVE_SECURID */
  
+ #ifndef HAVE_ETC_SHADOW
+   /* pw->pw_passwd is defined to be invalid under Solaris. */
    /* Save the encrypted password. */
    strncpy(correct_passwd, saved_pw_passwd, sizeof(correct_passwd));
+ #endif
  
  #ifdef SECURE_RPC
    /* try to register secret key for secure RPC */
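
Review bot: With HAVE_ETC_SHADOW defined, the guarded strncpy() into correct_passwd no longer runs, and nothing in this hunk shows correct_passwd being set or cleared on that path; please confirm that the getspnam() branch always fills it and that a missing shadow entry rejects the login rather than comparing against whatever the buffer already held. The new comment "pw->pw_passwd is defined to be invalid under Solaris" sits inside the #ifndef, directly above "Save the encrypted password", where it reads as describing the copy; moving it above the #ifndef and wording it as the reason for the guard would be clearer. While this line is being touched, note that strncpy(correct_passwd, saved_pw_passwd, sizeof(correct_passwd)) does not NUL-terminate when the source fills the buffer, so an explicit terminator after the copy is worth adding.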

-- 
Frank Cusack       + Today's Haiku   No keyboard present
Icon CMT Corp.     + error message:  Hit F1 to continue
PGP: C001AA75      +                 Zen engineering?
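
The selection rule described in the message above (with shadow support the getspnam() result is definitive and pw->pw_passwd is ignored), written as an added example; it is not code from ssh or from the original post. The function name, the have_shadow flag (standing in for the compile-time HAVE_ETC_SHADOW) and the sample strings are assumptions, and rejecting an empty field is a policy choice made here.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: pick the stored hash to compare a login against.
 * pw_passwd is what getpwnam() returned in pw->pw_passwd; sp_pwdp is
 * sp->sp_pwdp from getspnam(), or NULL when no shadow entry was found.
 * Returns 0 and fills out on success; returns -1 with out emptied otherwise. */
int select_stored_hash(int have_shadow, const char *pw_passwd,
                       const char *sp_pwdp, char *out, size_t outlen)
{
    const char *src;
    size_t n;

    if (out == NULL || outlen == 0)
        return -1;
    out[0] = '\0';              /* fail closed: never leave stale contents */

    /* Shadow support makes the shadow entry definitive. pw_passwd is not
     * consulted, even if getpwnam() happened to return a value in it. */
    src = have_shadow ? sp_pwdp : pw_passwd;

    if (src == NULL || src[0] == '\0')
        return -1;              /* no entry, or empty field: reject */

    n = strlen(src);
    if (n >= outlen)
        return -1;              /* refuse to compare against a truncated hash */

    memcpy(out, src, n + 1);    /* copies the terminating NUL as well */
    return 0;
}

int main(void)
{
    char buf[64];
    int rc;

    /* Constructed inputs: a leftover pw_passwd value and no shadow entry. */
    rc = select_stored_hash(1, "LEFTOVER", NULL, buf, sizeof(buf));
    printf("shadow build, no shadow entry: rc=%d out=\"%s\"\n", rc, buf);

    rc = select_stored_hash(1, "LEFTOVER", "CONSTRUCTEDHASH", buf, sizeof(buf));
    printf("shadow build, shadow entry:    rc=%d out=\"%s\"\n", rc, buf);
    return 0;
}
```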