- djm@cvs.openbsd.org 2009/10/23 01:57:11

[sshconnect2.c] disallow a hostile server from checking jpake auth by sending an out-of-sequence success message. (doesn't affect code enabled by default)
author: Darren Tucker <dtucker@zip.com.au> 2009-10-24 11:47:58 +1100
committer: Darren Tucker <dtucker@zip.com.au> 2009-10-24 11:47:58 +1100
commit: 2f29a8caba867a2b0c32772de705657de726dcca (patch)
tree: e887e2c756a32dc65948ba5ac41624b1bd3c1a1c
parent: dfb9b716500f777563a8f6f36072210fea167530 (diff)
2 files changed, 24 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index 5ec1345c3..53dcc62fd 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -20,6 +20,10 @@
     [authfile.c]
     switch from 3DES to AES-128 for encryption of passphrase-protected
     SSH protocol 2 private keys; ok several
+   - djm@cvs.openbsd.org 2009/10/23 01:57:11
+     [sshconnect2.c]
+     disallow a hostile server from checking jpake auth by sending an
+     out-of-sequence success message. (doesn't affect code enabled by default)
 20091011
 - (dtucker) [configure.ac sftp-client.c] Remove the gyrations required for
diff --git a/sshconnect2.c b/sshconnect2.c
index 260c6307a..1e0e9d5e1 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.171 2009/03/05 07:18:19 djm Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.172 2009/10/23 01:57:11 djm Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl.  All rights reserved.
 * Copyright (c) 2008 Damien Miller.  All rights reserved.
@@ -210,6 +210,7 @@ struct Authmethod {
 };
 void    input_userauth_success(int, u_int32_t, void *);
+void    input_userauth_success_unexpected(int, u_int32_t, void *);
 void    input_userauth_failure(int, u_int32_t, void *);
 void    input_userauth_banner(int, u_int32_t, void *);
 void    input_userauth_error(int, u_int32_t, void *);
@@ -427,12 +428,15 @@ void
 input_userauth_success(int type, u_int32_t seq, void *ctxt)
 {
        Authctxt *authctxt = ctxt;
        if (authctxt == NULL)
                fatal("input_userauth_success: no authentication context");
        if (authctxt->authlist) {
                xfree(authctxt->authlist);
                authctxt->authlist = NULL;
        }
+        if (authctxt->method != NULL && authctxt->method->cleanup != NULL)
+                authctxt->method->cleanup(authctxt);
        if (authctxt->methoddata) {
                xfree(authctxt->methoddata);
                authctxt->methoddata = NULL;
@@ -440,6 +444,18 @@ input_userauth_success(int type, u_int32_t seq, void *ctxt)
        authctxt->success = 1;                  /* break out */
 }
+void
+input_userauth_success_unexpected(int type, u_int32_t seq, void *ctxt)
+{
+        Authctxt *authctxt = ctxt;
+        if (authctxt == NULL)
+                fatal("%s: no authentication context", __func__);
+        fatal("Unexpected authentication success during %s.",
+            authctxt->method->name);
+}
 /* ARGSUSED */
 void
 input_userauth_failure(int type, u_int32_t seq, void *ctxt)
@@ -1709,6 +1725,8 @@ userauth_jpake(Authctxt *authctxt)
        /* Expect step 1 packet from peer */
        dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP1,
            input_userauth_jpake_server_step1);
+        dispatch_set(SSH2_MSG_USERAUTH_SUCCESS,
+            &input_userauth_success_unexpected);
        return 1;
 }
@@ -1721,6 +1739,7 @@ userauth_jpake_cleanup(Authctxt *authctxt)
                jpake_free(authctxt->methoddata);
                authctxt->methoddata = NULL;
        }
+        dispatch_set(SSH2_MSG_USERAUTH_SUCCESS, &input_userauth_success);
 }
 #endif /* JPAKE */
author	Darren Tucker <dtucker@zip.com.au>	2009-10-24 11:47:58 +1100
committer	Darren Tucker <dtucker@zip.com.au>	2009-10-24 11:47:58 +1100
commit	2f29a8caba867a2b0c32772de705657de726dcca (patch)
tree	e887e2c756a32dc65948ba5ac41624b1bd3c1a1c
parent	dfb9b716500f777563a8f6f36072210fea167530 (diff)