- dtucker@cvs.openbsd.org 2010/03/07 11:57:13

[auth-rhosts.c monitor.c monitor_wrap.c session.c auth-options.c sshd.c] Hold authentication debug messages until after successful authentication. Fixes an info leak of environment variables specified in authorized_keys, reported by Jacob Appelbaum. ok djm@
author: dtucker <dtucker> 2010-03-07 12:05:17 +0000
committer: dtucker <dtucker> 2010-03-07 12:05:17 +0000
commit: 456727ae07a7dbd6d6eb9e4fd9521e012d1d0771 (patch)
tree: 3fc4d5387db7fa7c2b54a974cd530c8ae1b4b954 /sshd.c
parent: d3d69a5b9aa364abaedfdfac4a434bdbc63cd968 (diff)
download: openssh-456727ae07a7dbd6d6eb9e4fd9521e012d1d0771.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/sshd.c b/sshd.c
index 0c3c04e4..bc0d2753 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.373 2010/02/26 20:29:54 djm Exp $ */
+/* $OpenBSD: sshd.c,v 1.374 2010/03/07 11:57:13 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1939,6 +1939,7 @@ main(int ac, char **av)
 
 	/* prepare buffer to collect messages to display to user after login */
 	buffer_init(&loginmsg);
+	auth_debug_reset();
 
 	if (use_privsep)
 		if (privsep_preauth(authctxt) == 1)
author	dtucker <dtucker>	2010-03-07 12:05:17 +0000
committer	dtucker <dtucker>	2010-03-07 12:05:17 +0000
commit	456727ae07a7dbd6d6eb9e4fd9521e012d1d0771 (patch)
tree	3fc4d5387db7fa7c2b54a974cd530c8ae1b4b954 /sshd.c
parent	d3d69a5b9aa364abaedfdfac4a434bdbc63cd968 (diff)
download	openssh-456727ae07a7dbd6d6eb9e4fd9521e012d1d0771.tar.gz