Source-Changes-HG archive
[src/trunk]: src/crypto/external/bsd/openssh/dist From FreeBSD:
details: https://anonhg.NetBSD.org/src/rev/a84847e2f3b1
branches: trunk
changeset: 339588:a84847e2f3b1
user: christos <christos%NetBSD.org@localhost>
date: Wed Jul 29 15:04:40 2015 +0000
description:
From FreeBSD:
A remote attacker may effectively bypass MaxAuthTries settings, which would
enable them to brute force passwords. [CVE-2015-5600]
XXX: pullup-7
diffstat:
crypto/external/bsd/openssh/dist/auth2-chall.c | 13 +++++++++----
1 files changed, 9 insertions(+), 4 deletions(-)
diffs (44 lines):
diff -r a84af486b96a -r a84847e2f3b1 crypto/external/bsd/openssh/dist/auth2-chall.c
--- a/crypto/external/bsd/openssh/dist/auth2-chall.c Wed Jul 29 14:35:04 2015 +0000
+++ b/crypto/external/bsd/openssh/dist/auth2-chall.c Wed Jul 29 15:04:40 2015 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: auth2-chall.c,v 1.7 2015/04/03 23:58:19 christos Exp $ */
+/* $NetBSD: auth2-chall.c,v 1.8 2015/07/29 15:04:40 christos Exp $ */
/* $OpenBSD: auth2-chall.c,v 1.42 2015/01/19 20:07:45 markus Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -26,7 +26,7 @@
*/
#include "includes.h"
-__RCSID("$NetBSD: auth2-chall.c,v 1.7 2015/04/03 23:58:19 christos Exp $");
+__RCSID("$NetBSD: auth2-chall.c,v 1.8 2015/07/29 15:04:40 christos Exp $");
#include <sys/types.h>
#include <stdio.h>
@@ -83,6 +83,7 @@
void *ctxt;
KbdintDevice *device;
u_int nreq;
+ u_int devices_done;
};
#ifdef USE_PAM
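Review bot: the new devices_done field has no comment saying it is a bitmask indexed by position in devices[], and no line in this diff initializes it. Suggest a one-line comment on the field, and confirming that the code allocating this context zeroes the struct (or setting devices_done = 0 there explicitly), because the later test `kbdintctxt->devices_done & (1 << i)` reads the field before anything writes it.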
@@ -170,11 +171,15 @@
if (len == 0)
break;
for (i = 0; devices[i]; i++) {
- if (!auth2_method_allowed(authctxt,
+ if ((kbdintctxt->devices_done & (1 << i)) != 0 ||
+ !auth2_method_allowed(authctxt,
"keyboard-interactive", devices[i]->name))
continue;
- if (strncmp(kbdintctxt->devices, devices[i]->name, len) == 0)
+ if (strncmp(kbdintctxt->devices, devices[i]->name,
+ len) == 0) {
kbdintctxt->device = devices[i];
+ kbdintctxt->devices_done |= 1 << i;
+ }
}
t = kbdintctxt->devices;
kbdintctxt->devices = t[len] ? xstrdup(t+len+1) : NULL;
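Review bot: in the loop over devices[], `1 << i` shifts a signed int constant into a u_int mask, and nothing bounds i against the width of devices_done. Suggest `1U << i` in both the test and the `|=`, plus a guard or assertion that the device table has fewer entries than there are bits in u_int, so the shift stays defined and every device remains covered by the once-per-request check that this fix relies on to enforce MaxAuthTries.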