- markus@cvs.openbsd.org 2003/08/26 09:58:43

[auth-passwd.c auth.c auth.h auth1.c auth2-none.c auth2-passwd.c] [auth2.c monitor.c] fix passwd auth for 'username leaks via timing'; with djm@, original patches from solar
author: Damien Miller <djm@mindrot.org> 2003-09-03 07:32:45 +1000
committer: Damien Miller <djm@mindrot.org> 2003-09-03 07:32:45 +1000
commit: 856f0be66908352828bb595f7ad5213623c0c610 (patch)
tree: 607c8df162abc4a5aa61cbaad86f9a4aaf71718a /auth1.c
parent: 39638b6aebf5ca69ba75c79c0cc0572e1f396258 (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/auth1.c b/auth1.c
index 5b1922a11..dfe944dd1 100644
--- a/auth1.c
+++ b/auth1.c
@@ -299,8 +299,10 @@ do_authentication(void)
        /* Verify that the user is a valid user. */
        if ((authctxt->pw = PRIVSEP(getpwnamallow(user))) != NULL)
                authctxt->valid = 1;
-        else
+        else {
                debug("do_authentication: illegal user %s", user);
+                authctxt->pw = fakepw();
+        }
        setproctitle("%s%s", authctxt->pw ? user : "unknown",
            use_privsep ? " [net]" : "");
author	Damien Miller <djm@mindrot.org>	2003-09-03 07:32:45 +1000
committer	Damien Miller <djm@mindrot.org>	2003-09-03 07:32:45 +1000
commit	856f0be66908352828bb595f7ad5213623c0c610 (patch)
tree	607c8df162abc4a5aa61cbaad86f9a4aaf71718a /auth1.c
parent	39638b6aebf5ca69ba75c79c0cc0572e1f396258 (diff)