Hi,

Jens Peter Secher <jpsec...@diku.dk> writes:

> I cannot reproduce the actual crash, but I have prepared a fix. :-)
>
> It is located at http://people.debian.org/~jps/unstable/.  Can you
> confirm that it fixes the crash?

Yes, it works fine.

There is one small issue with the patch: memory is allocated for tty_raw
in the asprintf call, but not freed later.  I updated your patch to
write to tty_nodir and not call strdup in case there is no controlling
terminal.

Regards,
Ansgar
Description: handle session with no controlling tty.
Bug: http://bugs.debian.org/541449
Author: Jens Peter Secher

Let the PAM session handle situations where there is no controlling tty
by using the PID to construct the session file name.

--- libpam-ssh-1.92.orig/pam_ssh.c
+++ libpam-ssh-1.92/pam_ssh.c
@@ -907,6 +907,7 @@
 	ssh_close_authentication_connection(ac);
 
 	if (start_agent && retval != PAM_SUCCESS) {
+		debug("could not start SSH agent");
 		openpam_restore_cred(pamh);
 		return retval;
 	}
@@ -928,15 +929,28 @@
 		return retval;
 	}
 
-	/* set tty_nodir to the tty with / replaced by _ */
+ 	/* if there is no controlling tty, then use the process id */
 
-	if (!(tty_nodir = strdup(tty_raw))) {
-		pam_ssh_log(LOG_CRIT, "out of memory");
-		openpam_restore_cred(pamh);
-		return PAM_SERVICE_ERR;
+	if (tty_raw == NULL) {
+		debug("no controlling tty");
+		if (asprintf(&tty_nodir, "pid%ld", (long) getpid()) == -1) {
+			pam_ssh_log(LOG_CRIT, "out of memory");
+			openpam_restore_cred(pamh);
+			return PAM_SERVICE_ERR;
+		}
+	}
+
+	/* else set tty_nodir to the tty with / replaced by _ */
+
+	else {
+		if (!(tty_nodir = strdup(tty_raw))) {
+			pam_ssh_log(LOG_CRIT, "out of memory");
+			openpam_restore_cred(pamh);
+			return PAM_SERVICE_ERR;
+		}
+		for (cp = tty_nodir; (cp = strchr(cp, '/')); )
+			*cp = '_';
 	}
-	for (cp = tty_nodir; (cp = strchr(cp, '/')); )
-		*cp = '_';
 
 	if (asprintf(&per_session, "%s/.ssh/agent-%s-%s", pwent->pw_dir, hname,
 	    tty_nodir) == -1) {
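Review bot: The `pid%ld` fallback in the `tty_raw == NULL` branch ties the per-session file name `agent-<host>-pid<N>` to the PID of whichever process runs this code, and nothing in the hunk shows how the close-session path finds that file again. If the name is rebuilt there rather than read back from stored PAM data, a close performed by a different process would miss the file. A recycled PID could also match a stale file left by an earlier session that was never cleaned up, so it is worth confirming both cases and recording the assumption in a comment such as `/* no tty: name is keyed on our PID; must match what pam_sm_close_session uses, and PIDs can be reused */`. On style, the added comment line starts with a space before the tab, and `} else {` would read more clearly than an `else` detached from its `if` by a blank line and a comment. The enclosing function starts and ends outside the hunk.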
