Hi, When login_skey is called for a user without skey it crashes with NULL pointer dereference. It tries to pass a file descriptor that does not exist. This has to be done conditionally.
ok? bluhm Index: libexec/login_skey/login_skey.c =================================================================== RCS file: /data/mirror/openbsd/cvs/src/libexec/login_skey/login_skey.c,v retrieving revision 1.25 diff -u -p -r1.25 login_skey.c --- libexec/login_skey/login_skey.c 16 Oct 2015 13:37:43 -0000 1.25 +++ libexec/login_skey/login_skey.c 19 Jul 2017 13:54:18 -0000 @@ -160,9 +160,11 @@ main(int argc, char *argv[]) fprintf(back, BI_VALUE " challenge %s\n", auth_mkvalue(challenge)); fprintf(back, BI_CHALLENGE "\n"); - fprintf(back, BI_FDPASS "\n"); - fflush(back); - send_fd(fileno(back)); + if (haskey) { + fprintf(back, BI_FDPASS "\n"); + fflush(back); + send_fd(fileno(back)); + } exit(0); case MODE_RESPONSE: