Subject: Re: PAM vulnerability in portable OpenSSH
To: =?ISO-8859-1?Q?Dag-Erling_Sm=F8rgrav?= <>
From: Damien Miller <>
List: current-users
Date: 10/02/2003 09:59:10
Dag-Erling Smørgrav wrote:
> Damien Miller <> writes:
>>The PAM spec is silent on the meanings of the arguments to the
>>conversation function (a really sad state of affairs for a security
> XSSO page 89: "The parameter msg is a pointer to an array of length
> num_msg of the pam_message structure".

You don't seem to agree. The PAM code that you wrote for FreeBSD's
OpenSSH treats msg as an array of pointers, not a pointer to an array
of structs.

(scroll down to pam_thread_conv)

See my point? One of the vulnerabilities in the recent sshpam.adv was
due to a similar confusion.