Fix timing information leak allowing discovery of invalid usernames in PAM

keyboard-interactive authentication (backported from a patch by Darren Tucker; closes: #281595).
author: Colin Watson <cjwatson@debian.org> 2004-11-28 12:31:03 +0000
committer: Colin Watson <cjwatson@debian.org> 2004-11-28 12:31:03 +0000
commit: 9ebd617cc085a14c1a197f140b037a3679ba3e2e (patch)
tree: 2250f61f7e87ee984ca9b8c3d47b63c283c072f3 /auth-pam.c
parent: 4ce1a4433f9ee75c4c5508db6e499db725882887 (diff)
1 files changed, 5 insertions, 1 deletions
diff --git a/auth-pam.c b/auth-pam.c
index 701d85b64..ec3b74951 100644
--- a/auth-pam.c
+++ b/auth-pam.c
@@ -169,6 +169,7 @@ static int sshpam_cred_established = 0;
 static int sshpam_account_status = -1;
 static char **sshpam_env = NULL;
 static Authctxt *sshpam_authctxt = NULL;
+static char badpw[] = "\b\n\r\177INCORRECT";
 /* Some PAM implementations don't implement this */
 #ifndef HAVE_PAM_GETENVLIST
@@ -644,7 +645,10 @@ sshpam_respond(void *ctx, u_int num, char **resp)
                return (-1);
        }
        buffer_init(&buffer);
-        buffer_put_cstring(&buffer, *resp);
+        if (sshpam_authctxt->valid)
+                buffer_put_cstring(&buffer, *resp);
+        else
+                buffer_put_cstring(&buffer, badpw);
        if (ssh_msg_send(ctxt->pam_psock, PAM_AUTHTOK, &buffer) == -1) {
                buffer_free(&buffer);
                return (-1);
author	Colin Watson <cjwatson@debian.org>	2004-11-28 12:31:03 +0000
committer	Colin Watson <cjwatson@debian.org>	2004-11-28 12:31:03 +0000
commit	9ebd617cc085a14c1a197f140b037a3679ba3e2e (patch)
tree	2250f61f7e87ee984ca9b8c3d47b63c283c072f3 /auth-pam.c
parent	4ce1a4433f9ee75c4c5508db6e499db725882887 (diff)