vishalmishra434 / rpms / openssh

Forked from rpms/openssh a month ago
Clone
Source Code
GIT

Blame openssh-6.9p1-authentication-limits-bypass.patch

c10s-sig-hyperscale c10s-sig-hyperscale-2 c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c8s-sig-hyperscale c9 c9-beta c9s-sig-hyperscale
  1.   1d506784577e5cd45ffb728aff7c8ace6bfe9684
  2.   openssh-6.9p1-authentication-limits-bypass.patch
Blob History Raw
Jakub Jelen c6d2ec 
From 5b64f85bb811246c59ebab70aed331f26ba37b18 Mon Sep 17 00:00:00 2001
Jakub Jelen c6d2ec 
From: "djm@openbsd.org" <djm@openbsd.org>
Jakub Jelen c6d2ec 
Date: Sat, 18 Jul 2015 07:57:14 +0000
Jakub Jelen c6d2ec 
Subject: upstream commit
Jakub Jelen c6d2ec
Jakub Jelen c6d2ec 
only query each keyboard-interactive device once per
Jakub Jelen c6d2ec 
 authentication request regardless of how many times it is listed; ok markus@
Jakub Jelen c6d2ec
Jakub Jelen c6d2ec 
Upstream-ID: d73fafba6e86030436ff673656ec1f33d9ffeda1
Jakub Jelen c6d2ec 
---
Jakub Jelen c6d2ec 
 auth2-chall.c | 11 ++++++++---
Jakub Jelen c6d2ec 
 1 file changed, 8 insertions(+), 3 deletions(-)
Jakub Jelen c6d2ec
Jakub Jelen c6d2ec 
diff --git a/auth2-chall.c b/auth2-chall.c
Jakub Jelen c6d2ec 
index ddabe1a..4aff09d 100644
Jakub Jelen c6d2ec 
--- a/auth2-chall.c
Jakub Jelen c6d2ec 
+++ b/auth2-chall.c
Jakub Jelen c6d2ec 
@@ -83,6 +83,7 @@ struct KbdintAuthctxt
Jakub Jelen c6d2ec 
 	void *ctxt;
Jakub Jelen c6d2ec 
 	KbdintDevice *device;
Jakub Jelen c6d2ec 
 	u_int nreq;
Jakub Jelen c6d2ec 
+	u_int devices_done;
Jakub Jelen c6d2ec 
 };
Jakub Jelen c6d2ec
Jakub Jelen c6d2ec 
 #ifdef USE_PAM
Jakub Jelen c6d2ec 
@@ -169,11 +170,15 @@ kbdint_next_device(Authctxt *authctxt, KbdintAuthctxt *kbdintctxt)
Jakub Jelen c6d2ec 
 		if (len == 0)
Jakub Jelen c6d2ec 
 			break;
Jakub Jelen c6d2ec 
 		for (i = 0; devices[i]; i++) {
Jakub Jelen c6d2ec 
-			if (!auth2_method_allowed(authctxt,
Jakub Jelen c6d2ec 
+			if ((kbdintctxt->devices_done & (1 << i)) != 0 ||
Jakub Jelen c6d2ec 
+			    !auth2_method_allowed(authctxt,
Jakub Jelen c6d2ec 
 			    "keyboard-interactive", devices[i]->name))
Jakub Jelen c6d2ec 
 				continue;
Jakub Jelen c6d2ec 
-			if (strncmp(kbdintctxt->devices, devices[i]->name, len) == 0)
Jakub Jelen c6d2ec 
+			if (strncmp(kbdintctxt->devices, devices[i]->name,
Jakub Jelen c6d2ec 
+			    len) == 0) {
Jakub Jelen c6d2ec 
 				kbdintctxt->device = devices[i];
Jakub Jelen c6d2ec 
+				kbdintctxt->devices_done |= 1 << i;
Jakub Jelen c6d2ec 
+			}
Jakub Jelen c6d2ec 
 		}
Jakub Jelen c6d2ec 
 		t = kbdintctxt->devices;
Jakub Jelen c6d2ec 
 		kbdintctxt->devices = t[len] ? xstrdup(t+len+1) : NULL;
Jakub Jelen c6d2ec 
--
Jakub Jelen c6d2ec 
cgit v0.11.2
Jakub Jelen c6d2ec
Jakub Jelen c6d2ec

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation