authorColin Watson <cjwatson@debian.org>2004-11-28 17:59:30 +0000
committerColin Watson <cjwatson@debian.org>2004-11-28 17:59:30 +0000
commit1153b38f4612d93ca7f8dfa6756d6ed64338b281 (patch)
treeda18bcd670178ec2edd1b4b221a0f72f7eb76e76
parentc4945711e5b64f37ab1f5bb4538fd74595820edf (diff)
Merge from HEAD:
Fix timing information leak allowing discovery of invalid usernames in PAM keyboard-interactive authentication (backported from a patch by Darren Tucker; closes: #281595).
-rw-r--r--auth-pam.c6
-rw-r--r--auth2-chall.c11
-rw-r--r--debian/changelog3
3 files changed, 12 insertions, 8 deletions
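--- a/auth-pam.c
+++ b/auth-pam.c
@@ -169,6 +169,7 @@ static int sshpam_cred_established = 0;
 static int sshpam_account_status = -1;
 static char **sshpam_env = NULL;
 static Authctxt *sshpam_authctxt = NULL;
+static char badpw[] = "\b\n\r\177INCORRECT";
 
 /* Some PAM implementations don't implement this */
 #ifndef HAVE_PAM_GETENVLIST
@@ -644,7 +645,10 @@ sshpam_respond(void *ctx, u_int num, char **resp)
 return (-1);
 }
 buffer_init(&buffer);
-buffer_put_cstring(&buffer, *resp);
+if (sshpam_authctxt->valid)
+buffer_put_cstring(&buffer, *resp);
+else
+buffer_put_cstring(&buffer, badpw);
 if (ssh_msg_send(ctxt->pam_psock, PAM_AUTHTOK, &buffer) == -1) {
 buffer_free(&buffer);
 return (-1);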
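Review bot: `badpw` at new line 172 is a bare static with no comment saying why a fixed placeholder is handed to PAM in place of the client's response, so a later reader can easily take it for debugging leftover and remove it. I would add above it `/* Sent to PAM instead of the client's response when the user is invalid, so the PAM conversation runs the same way as for a valid user; the real response is never forwarded in that case. */`. Since it is only ever read, `static const char badpw[]` would also fit, provided buffer_put_cstring takes a `const char *`. The new branch in sshpam_respond relies on `sshpam_authctxt` already being set when the first response arrives, which this hunk does not show; sshpam_respond begins and ends outside it.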
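--- a/auth2-chall.c
+++ b/auth2-chall.c
@@ -275,12 +275,9 @@ input_userauth_info_response(int type, u_int32_t seq, void *ctxt)
 }
 packet_check_eom();
 
-if (authctxt->valid) {
-res = kbdintctxt->device->respond(kbdintctxt->ctxt,
-nresp, response);
-} else {
-res = -1;
-}
+res = kbdintctxt->device->respond(kbdintctxt->ctxt, nresp, response);
+if (!authctxt->valid)
+res = 1; /* keep going if login invalid */
 
 for (i = 0; i < nresp; i++) {
 memset(response[i], 'r', strlen(response[i]));
@@ -292,7 +289,7 @@ input_userauth_info_response(int type, u_int32_t seq, void *ctxt)
 switch (res) {
 case 0:
 /* Success! */
-authenticated = 1;
+authenticated = authctxt->valid ? 1 : 0;
 break;
 case 1:
 /* Authentication needs further interaction */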
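Review bot: Forcing `res = 1` for an invalid account in the first hunk means that path always takes the "needs further interaction" branch of the switch, while what respond() returns for a valid account whose password is rejected is not visible here; if that case yields -1 rather than 1, the two outcomes still differ in the reply that follows, and the one-word comment should say whether that is accepted, e.g. `/* keep going if login invalid; must mirror a valid user's wrong-password path */`. The `authenticated = authctxt->valid ? 1 : 0;` in the second hunk cannot be reached with an invalid account once `res` has been forced to 1, so it is a second line of defence rather than the primary check, and a short comment saying so would stop someone "simplifying" it back to `authenticated = 1`. input_userauth_info_response begins and ends outside both hunks.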
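--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,9 @@
 openssh (1:3.8.1p1-14) UNRELEASED; urgency=low
 
 * We use DH_COMPAT=2, so build-depend on debhelper (>= 2).
+* Fix timing information leak allowing discovery of invalid usernames in
+PAM keyboard-interactive authentication (backported from a patch by
+Darren Tucker; closes: #281595).
 
 -- Colin Watson <cjwatson@debian.org> Sun, 28 Nov 2004 17:52:23 +0000
 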