Your message dated Wed, 01 Aug 2018 17:50:32 +0200
with message-id <1714888.9ysFh9GC0X@c07060>
and subject line Re: Bug#905227: Acknowledgement (openssh-server: SSH AuthorizedKeysCommand hangs when output is too large)
has caused the Debian Bug report #905227,
regarding openssh-server: SSH AuthorizedKeysCommand hangs when output is too large
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)

--
905227: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=905227
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: openssh-server: SSH AuthorizedKeysCommand hangs when output is too large
- From: Dennis Schridde <dennis.schridde@uni-heidelberg.de>
- Date: Wed, 01 Aug 2018 17:13:48 +0200
- Message-id: <153313642823.24307.14872080838075083561.reportbug@fireserv.urz.uni-heidelberg.de>
Package: openssh-server
Version: 1:7.4p1-10+deb9u3
Severity: important
Tags: patch upstream

Dear Maintainer,

when sshd's AuthorizedKeysCommand outputs a lot of keys and the match is close to the beginning of the output, sshd will deadlock.

Upstream has a patch ready to fix this issue, which would need to be backported to OpenSSH 7.4 as used by Debian 9.

Patch: https://github.com/openssh/openssh-portable/commit/ddd3d34e5c7979ca6f4a3a98a7d219a4ed3d98c2
See-Also: https://bugzilla.mindrot.org/show_bug.cgi?id=2655
See-Also: https://bugzilla.redhat.com/show_bug.cgi?id=1496467

-- System Information:
Debian Release: 9.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-6-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages openssh-server depends on:
ii  adduser                3.115
ii  debconf [debconf-2.0]  1.5.61
ii  dpkg                   1.18.25
ii  init-system-helpers    1.48
ii  libaudit1              1:2.6.7-2
ii  libc6                  2.24-11+deb9u3
ii  libcomerr2             1.43.4-2
ii  libgssapi-krb5-2       1.15-1+deb9u1
ii  libkrb5-3              1.15-1+deb9u1
ii  libpam-modules         1.1.8-3.6
ii  libpam-runtime         1.1.8-3.6
ii  libpam0g               1.1.8-3.6
ii  libselinux1            2.6-3+b3
ii  libssl1.0.2            1.0.2l-2+deb9u3
ii  libsystemd0            232-25+deb9u4
ii  libwrap0               7.6.q-26
ii  lsb-base               9.20161125
ii  openssh-client         1:7.4p1-10+deb9u3
ii  openssh-sftp-server    1:7.4p1-10+deb9u3
ii  procps                 2:3.3.12-3+deb9u1
ii  ucf                    3.0036
ii  zlib1g                 1:1.2.8.dfsg-5

Versions of packages openssh-server recommends:
ii  libpam-systemd  232-25+deb9u4
ii  ncurses-term    6.0+20161126-1+deb9u2
ii  xauth           1:1.0.9-1+b2

Versions of packages openssh-server suggests:
pn  molly-guard   <none>
pn  monkeysphere  <none>
pn  rssh          <none>
pn  ssh-askpass   <none>
pn  ufw           <none>

-- debconf information:
  openssh-server/permit-root-login: true

>From ddd3d34e5c7979ca6f4a3a98a7d219a4ed3d98c2 Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org" <djm@openbsd.org> Date: Fri, 30 Dec 2016 22:08:02 +0000 Subject: [PATCH] upstream commit fix deadlock when keys/principals command produces a lot of output and a key is matched early; bz#2655, patch from jboning AT gmail.com Upstream-ID: e19456429bf99087ea994432c16d00a642060afe --- auth2-pubkey.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/auth2-pubkey.c b/auth2-pubkey.c index 20f3309e1..70c021589 100644 --- a/auth2-pubkey.c +++ b/auth2-pubkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-pubkey.c,v 1.60 2016/11/30 02:57:40 djm Exp $ */ +/* $OpenBSD: auth2-pubkey.c,v 1.61 2016/12/30 22:08:02 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -727,6 +727,9 @@ match_principals_command(struct passwd *user_pw, const struct sshkey *key) ok = process_principals(f, NULL, pw, cert); + fclose(f); + f = NULL; + if (exited_cleanly(pid, "AuthorizedPrincipalsCommand", command) != 0) goto out; @@ -1050,6 +1053,9 @@ user_key_command_allowed2(struct passwd *user_pw, Key *key) ok = check_authkeys_file(f, options.authorized_keys_command, key, pw); + fclose(f); + f = NULL; + if (exited_cleanly(pid, "AuthorizedKeysCommand", command) != 0) goto out;
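Review bot: in the match_principals_command hunk, the new `fclose(f); f = NULL;` sits between `process_principals(...)` and `exited_cleanly(...)` with no comment saying that this ordering is the fix, so it reads like ordinary cleanup that a later refactor could move back below the wait. A one-line comment above `fclose(f)` stating that the read end has to be closed before waiting for the command, so that a command still writing is not left blocked on a full pipe, would protect it. The `out:` path is not visible in this hunk; since `f` is now NULL whenever `exited_cleanly(...) != 0` takes `goto out`, confirm that the cleanup there tests `f != NULL` before closing it.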
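Review bot: in the user_key_command_allowed2 hunk, closing `f` before `exited_cleanly(pid, "AuthorizedKeysCommand", command)` means a command that is still writing keys will receive SIGPIPE (or EPIPE), and the `!= 0` check then takes `goto out` even though `check_authkeys_file` may already have set `ok` for an early match. The code after `out:` is not shown here, so please check whether `ok` survives that path; if it does not, an early match on a large key list turns from a hang into a failed authentication, and either the exit check should tolerate termination caused by sshd's own close or the behaviour should be documented for authors of such commands. The same question applies to the AuthorizedPrincipalsCommand hunk.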
--- End Message ---
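The hang described in the report above, and the effect of closing the read end before waiting, as an added example that is not part of the original message or of OpenSSH's code. `emit_keys`, `run_case` and the key lines are constructed for illustration, and a bounded poll stands in for sshd's blocking wait so the stuck case can be observed.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>
/* Constructed stand-in for a keys command: writes ~1 MB, far more than a pipe buffers. */
static void emit_keys(int fd) {
    char line[96];
    for (int i = 0; i < 20000; i++) {
        int n = snprintf(line, sizeof line, "ssh-ed25519 AAAA-constructed-%05d user%05d@example\n", i, i);
        if (write(fd, line, (size_t)n) < 0)
            _exit(1);
    }
    _exit(0);
}

/* Match on the first line, then wait for the child with the read end either
 * closed first (close_first=1, the patched order) or still open.
 * Returns 2 if the child was still blocked after ~1 s (it is then killed),
 * 1 if it was terminated by SIGPIPE, 0 if it exited, -1 on setup error. */
int run_case(int close_first) {
    int p[2], status = 0, reaped = 0;
    char buf[128];
    if (pipe(p) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { close(p[0]); signal(SIGPIPE, SIG_DFL); emit_keys(p[1]); }
    close(p[1]);
    FILE *f = fdopen(p[0], "r");
    int ok = f && fgets(buf, sizeof buf, f) && strstr(buf, "constructed-00000");
    if (f && close_first) { fclose(f); f = NULL; }
    struct timespec tick = { 0, 50 * 1000 * 1000 };
    for (int i = 0; i < 20 && !reaped; i++) {  /* bounded poll, not a blocking waitpid */
        reaped = waitpid(pid, &status, WNOHANG) == pid;
        if (!reaped) nanosleep(&tick, NULL);
    }
    if (!reaped) { kill(pid, SIGKILL); waitpid(pid, &status, 0); }
    if (f) fclose(f);
    if (!ok) return -1;
    if (!reaped) return 2;
    return (WIFSIGNALED(status) && WTERMSIG(status) == SIGPIPE) ? 1 : 0;
}

int main(void) {
    printf("open: %d, closed first: %d\n", run_case(0), run_case(1));
    return 0;
}
```

With the read end left open the writer stays blocked on the full pipe; with it closed first the writer is ended by SIGPIPE, which is a non-clean exit from the waiting side's point of view.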
--- Begin Message ---
- To: 905227-done@bugs.debian.org
- Subject: Re: Bug#905227: Acknowledgement (openssh-server: SSH AuthorizedKeysCommand hangs when output is too large)
- From: Dennis Schridde <dennis.schridde@uni-heidelberg.de>
- Date: Wed, 01 Aug 2018 17:50:32 +0200
- Message-id: <1714888.9ysFh9GC0X@c07060>
- In-reply-to: <handler.905227.B.153313797610027.ack@bugs.debian.org>
- References: <153313642823.24307.14872080838075083561.reportbug@fireserv.urz.uni-heidelberg.de> <handler.905227.B.153313797610027.ack@bugs.debian.org>
Duplicate of bug #905228

Attachment: signature.asc
Description: This is a digitally signed message part.
--- End Message ---