Merge from HEAD:

Fix timing information leak allowing discovery of invalid usernames in PAM keyboard-interactive authentication (backported from a patch by Darren Tucker; closes: #281595).
author: Colin Watson <cjwatson@debian.org> 2004-11-28 17:59:30 +0000
committer: Colin Watson <cjwatson@debian.org> 2004-11-28 17:59:30 +0000
commit: 1153b38f4612d93ca7f8dfa6756d6ed64338b281 (patch)
tree: da18bcd670178ec2edd1b4b221a0f72f7eb76e76 /auth-pam.c
parent: c4945711e5b64f37ab1f5bb4538fd74595820edf (diff)
1 files changed, 5 insertions, 1 deletions
diff --git a/auth-pam.c b/auth-pam.c
index 701d85b64..ec3b74951 100644
--- a/auth-pam.c
+++ b/auth-pam.c
@@ -169,6 +169,7 @@ static int sshpam_cred_established = 0;
 static int sshpam_account_status = -1;
 static char **sshpam_env = NULL;
 static Authctxt *sshpam_authctxt = NULL;
+static char badpw[] = "\b\n\r\177INCORRECT";
 /* Some PAM implementations don't implement this */
 #ifndef HAVE_PAM_GETENVLIST
@@ -644,7 +645,10 @@ sshpam_respond(void *ctx, u_int num, char **resp)
                return (-1);
        }
        buffer_init(&buffer);
-        buffer_put_cstring(&buffer, *resp);
+        if (sshpam_authctxt->valid)
+                buffer_put_cstring(&buffer, *resp);
+        else
+                buffer_put_cstring(&buffer, badpw);
        if (ssh_msg_send(ctxt->pam_psock, PAM_AUTHTOK, &buffer) == -1) {
                buffer_free(&buffer);
                return (-1);
author	Colin Watson <cjwatson@debian.org>	2004-11-28 17:59:30 +0000
committer	Colin Watson <cjwatson@debian.org>	2004-11-28 17:59:30 +0000
commit	1153b38f4612d93ca7f8dfa6756d6ed64338b281 (patch)
tree	da18bcd670178ec2edd1b4b221a0f72f7eb76e76 /auth-pam.c
parent	c4945711e5b64f37ab1f5bb4538fd74595820edf (diff)