Subject: Re: PAM vulnerability in portable OpenSSH
To: =?ISO-8859-1?Q?Dag-Erling_Sm=F8rgrav?= <firstname.lastname@example.org>
From: Damien Miller <email@example.com>
Date: 10/02/2003 09:59:10
Dag-Erling Smørgrav wrote:
> Damien Miller <firstname.lastname@example.org> writes:
>>The PAM spec is silent on the meanings of the arguments to the
>>conversation function (a really sad state of affairs for a security
> XSSO page 89: "The parameter msg is a pointer to an array of length
> num_msg of the pam_message structure".
You don't seem to agree. The PAM code that you wrote for FreeBSD's
OpenSSH treats msg as an array of pointers, not a pointer to an array
(scroll down to pam_thread_conv)
See my point? One of the vulnerabilities in the recent sshpam.adv was
due to a similar confusion.