[Bug 2031942] Re: AuthorizedPrincipalsCommand is ignored if AuthorizedKeysCommand is set

Michał Małoszewski 2031942 at bugs.launchpad.net
Tue Aug 29 15:23:35 UTC 2023 

** Description changed:

+ [Impact]
+ 
+ * User of openssh reported an issue that affects Lunar and Jammy.
+ 
+ * This crash is caused by the wrong pointer manipulation in the if
+ statement. The fix is to change the code to check if the value pointed
+ to by the pointer 'charptr' is NULL.
+ 
+ [Test Plan]
+ 
+ TBD
+ 
+ [Where problems could occur]
+ 
+ * The patch itself modifies only the servconf.c, so regressions should
+ be limited to the server configuration.
+ 
+ * Since the fix touches pointers, there might be regression related to
+ memory handling and fetching data.
+ 
+ ---------------------------------original
+ report--------------------------
+ 
+ 
  Versions of OpenSSH from 8.7p1 to 9.3p1 contain the following code:
  
-                 if (*activep && options->authorized_keys_command == NULL)
-                         *charptr = xstrdup(str + len);
+                 if (*activep && options->authorized_keys_command == NULL)
+                         *charptr = xstrdup(str + len);
  
  However, this is executed for both authorized_keys_command and
  authorized_principals_command. As a result, if authorized_keys_command
  is set (for instance, if using ec2-instance-connect), any
  AuthorizedPrincipalsCommand configuration in sshd_config is ignored.
  This is fixed in 9.4p1 with the attached patch.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/2031942

Title:
  AuthorizedPrincipalsCommand is ignored if AuthorizedKeysCommand is set

Status in openssh package in Ubuntu:
  In Progress
Status in openssh source package in Jammy:
  In Progress
Status in openssh source package in Lunar:
  In Progress
Status in openssh source package in Mantic:
  In Progress

Bug description:
  [Impact]

  * User of openssh reported an issue that affects Lunar and Jammy.

  * This crash is caused by the wrong pointer manipulation in the if
  statement. The fix is to change the code to check if the value pointed
  to by the pointer 'charptr' is NULL.

  [Test Plan]

  TBD

  [Where problems could occur]

  * The patch itself modifies only the servconf.c, so regressions should
  be limited to the server configuration.

  * Since the fix touches pointers, there might be regression related to
  memory handling and fetching data.

  ---------------------------------original
  report--------------------------

  
  Versions of OpenSSH from 8.7p1 to 9.3p1 contain the following code:

                  if (*activep && options->authorized_keys_command == NULL)
                          *charptr = xstrdup(str + len);

  However, this is executed for both authorized_keys_command and
  authorized_principals_command. As a result, if authorized_keys_command
  is set (for instance, if using ec2-instance-connect), any
  AuthorizedPrincipalsCommand configuration in sshd_config is ignored.
  This is fixed in 9.4p1 with the attached patch.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2031942/+subscriptions

More information about the foundations-bugs mailing list