Debian Bug report logs - #66740
ssh-askpass-gnome: The first password is always bad

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Mattia.Monga@elet.polimi.it

To: submit@bugs.debian.org

Subject: ssh-askpass-gnome: The first password is always bad

Date: Wed, 05 Jul 2000 08:43:18 +0200

Package: ssh-askpass-gnome
Version: 1:1.2.3-8
Severity: normal

When I enter my passphrase I get always "bad password" message for the first 
try. The second try is good.

-- System Information
Debian Release: 2.2
Kernel Version: Linux micca 2.2.17 #1 Mon Jun 26 12:14:39 CEST 2000 i586 unknown

Versions of the packages ssh-askpass-gnome depends on:
ii  gdk-imlib1     1.9.8-4        Gdk-Imlib is an imaging library for use with
ii  libart2        1.2.3-1        The Gnome canvas widget
ii  libaudiofile0  0.1.9-0.1      The Audiofile Library
ii  libc6          2.1.3-10       GNU C Library: Shared libraries and Timezone
ii  libdb2         2.7.7-2        The Berkeley database routines (run-time fil
ii  libesd0        0.2.18-3       Enlightened Sound Daemon - Shared libraries
ii  libglib1.2     1.2.8-1        The GLib library of C routines
ii  libgnome32     1.2.3-1        The Gnome libraries
ii  libgnomesuppor 1.2.3-1        The Gnome libraries (Support libraries)
ii  libgnomeui32   1.2.3-1        The Gnome libraries (User Interface)
ii  libgtk1.2      1.2.8-1        The GIMP Toolkit set of widgets for X
ii  ssh            1.2.3-8        Secure rlogin/rsh/rcp replacement (OpenSSH)
ii  xlib6g         3.3.6-8        shared libraries required by X clients
libesd-alsa0	Not installed or no info
ii  zlib1g         1.1.3-5        compression library - runtime
	^^^ (Provides virtual package libz1)

Message #10 received at 66740@bugs.debian.org (full text, mbox, reply):

From: Mattia Monga <monga@elet.polimi.it>

To: 66740@bugs.debian.org

Subject: Bug workaround

Date: Sun, 24 Dec 2000 15:10:01 +0100 (CET)

[Message part 1 (text/plain, inline)]

ssh-askpass-gnome: The first password is always bad - Bug #66740

The problem seems related to the use of puts. I substituted it with a
g_print. On my system it works fine now.

Merry Christmas!


-- 
Mattia Monga    Politecnico di Milano - Dip. Elettronica e Informazione
V. Ponzio 34/5 - I 20133 Milano Tel:+39-02-23993638 Fax:+39-02-23993411
mailto:monga@elet.polimi.it            http://www.elet.polimi.it/~monga
ICQ#14593153                                         *nec spe nec metu*

[gnome-ssh-askpass.diff (text/plain, attachment)]

Message #15 received at 66740@bugs.debian.org (full text, mbox, reply):

From: "Gregory T. Norris" <adric@debian.org>

To: 66740@bugs.debian.org

Subject: Re: Bug#66740: ssh-askpass-gnome: The first password is always bad

Date: Sun, 25 Mar 2001 20:23:07 -0600

[Message part 1 (text/plain, inline)]

For whatever it's worth, Mattia's patch fixes this issue for me as
well.  It has to be applied manually on version 2.5.2p2-2, but it's
trivial to perform.

[Message part 2 (application/pgp-signature, inline)]

Message #20 received at 66740@bugs.debian.org (full text, mbox, reply):

From: "Gregory T. Norris" <haphazard@socket.net>

To: 66740@bugs.debian.org

Subject: Re: Bug#66740: ssh-askpass-gnome: The first password is always bad

Date: Sun, 10 Jun 2001 09:41:13 -0500

[Message part 1 (text/plain, inline)]

Version 2.5.2p2-2.1 appears to have fixed the problem.  Can anyone else
confirm this?

[Message part 2 (application/pgp-signature, inline)]

Message #25 received at 66740@bugs.debian.org (full text, mbox, reply):

From: "Charles C. Fu" <ccwf@bacchus.com>

To: 66740@bugs.debian.org

Cc: openssh-unix-dev@mindrot.org, Matthew Vernon <matthew@debian.org>

Subject: Re: Bug#66740: ssh-askpass-gnome: The first password is always bad (was: OpenSSH 3.0)

Date: 08 Dec 2001 17:33:29 -0800

   Background: Many Debian users have reported a problem to Debian
   with ssh-askpass-gnome always rejecting the first passphrase.
   <URL:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=66740&repeatmerged=yes>
   shows the thread for one of these reports.

OK, I have traced through the logic and believe I have identified the
causes of this bug.

1. ssh-askpass-gnome uses puts() to print the passphrase.  The puts()
   call writes the passphrase and a line terminator to stdout.
   However, multiple write() calls may be invoked by puts() to write
   the passphrase and terminator.

2. In ssh-add, readpass.c(ssh_askpass) uses a single read() call to
   read the passphrase from the SSH_ASKPASS program.  If the
   SSH_ASKPASS program used multiple calls to write(), depending upon
   timing, read() may not return the characters written by write()
   calls after the first.  With Debian/Linux, the result is that only
   the passphrase is read and not the LF.

3. In ssh-add, readpass.c(ssh_askpass) did not correctly check if the
   characters read ended with a line terminator.  If they did not,
   the function would not null-terminate the string correctly, and
   ssh-add could report a bad passphrase (depending upon what the
   contents of buf happened to be before the read()).  As reported on
   the openssh-unix-dev mailing list (see, for example, the message
   <20011107.124748.92055508.gotoh@taiyo.co.jp> on 06 Nov 2001), this
   problem could also result in worse problems.

   The second time the passphrase is requested, the buffer into
   which the passphrase is read is pre-zeroed with memset, thereby
   null-terminating the string (normally) and avoiding the bug.

Fixing any of these three issues should eliminate this problem.  The
third issue was already fixed in the CVS repository on Nov 8, 2001.  I
think the second issue should be addressed as well.

1. As Mattia Monga suggested, replacing puts() in ssh-askpass-gnome
   with a function that does a single call to write() works around the
   bug.  Of course, it does not fix the underlying problems in
   readpass.c, so other SSH_ASKPASS programs could continue to exhibit
   this bug.

2. In readpass.c(ssh_askpass), replacing the single read() call with a
   loop to be sure all characters are read (up to the size permitted
   by the buf buffer) would be a good fix to the problem.

   Moving the waitpid() call up before the read() call (so that the
   passphrase is not read from the pipe until the SSH_ASKPASS program
   has exited) also works for ordinary cases.  However, deadlock could
   then result if the SSH_ASKPASS program tries to write a passphrase
   exceeding the OS buffer for pipes.

3. Revision 1.23 of readpass.c, as a pleasant side effect, by ensuring
   that the characters read are always null terminated, works around
   the ssh-askpass-gnome problem in addition to fixing the buffer
   overflow problem for which it was originally submitted.  Simply
   picking up this recent revision in Debian (it was incorporated into
   OpenSSH 3.0.1) should have fixed the apparent ssh-askpass-gnome
   bug, so it and all the duplicate reports of this problem can now be
   closed in the Debian bug tracking system.  I can confirm that one
   of my Debian boxes exhibited this bug in versions up to and
   including 2.9p2-6 and that it has now finally gone away with the
   installation of 3.0.1p1-1.2.

   Again, theoretical problems with other SSH_ASKPASS programs which
   use multiple write() calls to write the passphrase will remain
   until issue 2 above is resolved.

Finally, since readpass.c(ssh_askpass) does not use the stdio library
to read the passphrase, it might be a good idea to recommend
SSH_ASKPASS programs not use stdio routines to write the passphrase.
This would avoid line terminator mismatches.  However, with the
changes in readpass.c revision 1.23, the line terminator has become
optional, and I think it would be an even better idea to phase out
writing it in SSH_ASKPASS programs.

-ccwf
-- 
                 ,--         Charles C. Fu          ccwf@bacchus.com
___  __ __. . ,-/--         Vice President            310-455-2396
    (_,(_,|/|/ /             Bacchus, Inc.    http://www.bacchus.com/~ccwf/
            --'

Message #30 received at 66740@bugs.debian.org (full text, mbox, reply):

From: Damien Miller <djm@mindrot.org>

To: "Charles C. Fu" <ccwf@bacchus.com>

Cc: <66740@bugs.debian.org>, <openssh-unix-dev@mindrot.org>, Matthew Vernon <matthew@debian.org>

Subject: Re: Bug#66740: ssh-askpass-gnome: The first password is always bad (was: OpenSSH 3.0)

Date: Tue, 11 Dec 2001 16:53:14 +1100 (EST)

On 8 Dec 2001, Charles C. Fu wrote:

>    Background: Many Debian users have reported a problem to Debian
>    with ssh-askpass-gnome always rejecting the first passphrase.
>    <URL:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=66740&repeatmerged=yes>
>    shows the thread for one of these reports.

Please report future portable OpenSSH bugs at http://bugzilla.mindrot.org/ - 
it makes them easier to track.

Could you try this patch?

Index: readpass.c
===================================================================
RCS file: /var/cvs/openssh/readpass.c,v
retrieving revision 1.21
diff -u -r1.21 readpass.c
--- readpass.c	2001/11/12 00:05:21	1.21
+++ readpass.c	2001/12/11 05:47:26
@@ -46,7 +46,7 @@
 	pid_t pid;
 	size_t len;
 	char *pass;
-	int p[2], status;
+	int p[2], status, ret;
 	char buf[1024];
 
 	if (fflush(stdout) != 0)
@@ -71,14 +71,23 @@
 		fatal("ssh_askpass: exec(%s): %s", askpass, strerror(errno));
 	}
 	close(p[1]);
-	len = read(p[0], buf, sizeof buf -1);
+
+	len = ret = 0;
+	do {
+		ret = read(p[0], buf + len, sizeof(buf) - 1 - len);
+		if (ret == -1 && errno == EINTR)
+			continue;
+		if (ret <= 0)
+			break;
+		len += ret;
+	} while (sizeof(buf) - 1 - len > 0);
+	buf[len] = '\0';
+
 	close(p[0]);
 	while (waitpid(pid, &status, 0) < 0)
 		if (errno != EINTR)
 			break;
-	if (len <= 1)
-		return xstrdup("");
-	buf[len] = '\0';
+
 	buf[strcspn(buf, "\r\n")] = '\0';
 	pass = xstrdup(buf);
 	memset(buf, 0, sizeof(buf));

-- 
| By convention there is color,       \\ Damien Miller <djm@mindrot.org>
| By convention sweetness, By convention bitterness, \\ www.mindrot.org
| But in reality there are atoms and space - Democritus (c. 400 BCE)

Message #35 received at 66740@bugs.debian.org (full text, mbox, reply):

From: "Charles C. Fu" <ccwf@bacchus.com>

To: Damien Miller <djm@mindrot.org>

Cc: <66740@bugs.debian.org>, <openssh-unix-dev@mindrot.org>, Matthew Vernon <matthew@debian.org>

Subject: Re: Bug#66740: ssh-askpass-gnome: The first password is always bad (was: OpenSSH 3.0)

Date: 18 Dec 2001 16:45:54 -0800

In <Pine.LNX.4.33.0112111649370.20647-100000@mothra.mindrot.org>
   on 10 Dec 2001, djm@mindrot.org <djm@mindrot.org> wrote:
> Please report future portable OpenSSH bugs at
> http://bugzilla.mindrot.org/ - it makes them easier to track.

Sorry, is the URL above in the documentation?  I didn't see it and so
didn't know about it.

> Could you try this patch?

Patch appears to work fine, enabling a two write passphrase to be
read.  I tested with SSH_ASKPASS set to the following simple script

  #!/bin/sh -
  echo -n '<passphrase>'
  sleep 6
  echo

and verified using gdb that the new logic now reads all the characters
written.  I have not regression tested to be sure the new code still
handles the passphrase >= sizeof buf case (readpass v1.23), but the
code looks visually OK to me.

As a side note, I don't think the memset at the end is necessary,
although we were fortunate before that it happened to let ssh-add
function properly the second time the passphrase was read (because the
memset had zeroed that area of the stack and nothing else overwrote it
between the calls to ssh_askpass).

-ccwf

Message #44 received at 66740-done@bugs.debian.org (full text, mbox, reply):

From: Colin Watson <cjwatson@debian.org>

To: 66740-done@bugs.debian.org

Subject: Fixed in OpenSSH 3.1p1

Date: Sat, 26 Oct 2002 16:10:10 +0100

Hi,

The "ssh-add fails to read all data from ssh-askpass" bug, reported
against ssh-askpass-gnome, has been fixed upstream since OpenSSH 3.1p1.
I'm therefore closing this group of merged bugs.

Thanks,

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]

Send a report that this bug log contains spam.