Fix timing information leak allowing discovery of invalid usernames in PAM

keyboard-interactive authentication (backported from a patch by Darren Tucker; closes: #281595).
author: Colin Watson <cjwatson@debian.org> 2004-11-28 12:31:03 +0000
committer: Colin Watson <cjwatson@debian.org> 2004-11-28 12:31:03 +0000
commit: 9ebd617cc085a14c1a197f140b037a3679ba3e2e (patch)
tree: 2250f61f7e87ee984ca9b8c3d47b63c283c072f3 /auth2-chall.c
parent: 4ce1a4433f9ee75c4c5508db6e499db725882887 (diff)
1 files changed, 4 insertions, 7 deletions
diff --git a/auth2-chall.c b/auth2-chall.c
index aacbf0bcc..0f08b05c6 100644
--- a/auth2-chall.c
+++ b/auth2-chall.c
@@ -275,12 +275,9 @@ input_userauth_info_response(int type, u_int32_t seq, void *ctxt)
        }
        packet_check_eom();
-        if (authctxt->valid) {
+        res = kbdintctxt->device->respond(kbdintctxt->ctxt, nresp, response);
-                res = kbdintctxt->device->respond(kbdintctxt->ctxt,
+        if (!authctxt->valid)
-                    nresp, response);
+                res = 1;        /* keep going if login invalid */
-        } else {
-                res = -1;
-        }
        for (i = 0; i < nresp; i++) {
                memset(response[i], 'r', strlen(response[i]));
@@ -292,7 +289,7 @@ input_userauth_info_response(int type, u_int32_t seq, void *ctxt)
        switch (res) {
        case 0:
                /* Success! */
-                authenticated = 1;
+                authenticated = authctxt->valid ? 1 : 0;
                break;
        case 1:
                /* Authentication needs further interaction */
author	Colin Watson <cjwatson@debian.org>	2004-11-28 12:31:03 +0000
committer	Colin Watson <cjwatson@debian.org>	2004-11-28 12:31:03 +0000
commit	9ebd617cc085a14c1a197f140b037a3679ba3e2e (patch)
tree	2250f61f7e87ee984ca9b8c3d47b63c283c072f3 /auth2-chall.c
parent	4ce1a4433f9ee75c4c5508db6e499db725882887 (diff)