summaryrefslogtreecommitdiff
path: root/debian/patches/upstream-delay-bailout-for-invalid-authenticating-user.patch
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2018-08-24 12:49:36 +0100
committerColin Watson <cjwatson@debian.org>2018-08-30 00:57:27 +0100
commit816386e17654ca36834bebbf351419e460fad8f6 (patch)
tree3dc79d831cb73bc25b92f5a4d18f8e328c0c570a /debian/patches/upstream-delay-bailout-for-invalid-authenticating-user.patch
parent3e6f76c7039d3df22b1d0a3a5f30150efb09b69d (diff)
parent16a47fc4b04977a14f44dd433c8da1499fa80671 (diff)
New upstream release (7.8p1)
Closes: #907534
Diffstat (limited to 'debian/patches/upstream-delay-bailout-for-invalid-authenticating-user.patch')
-rw-r--r--debian/patches/upstream-delay-bailout-for-invalid-authenticating-user.patch153
1 files changed, 0 insertions, 153 deletions
diff --git a/debian/patches/upstream-delay-bailout-for-invalid-authenticating-user.patch b/debian/patches/upstream-delay-bailout-for-invalid-authenticating-user.patch
deleted file mode 100644
index 737a9f48d..000000000
--- a/debian/patches/upstream-delay-bailout-for-invalid-authenticating-user.patch
+++ /dev/null
@@ -1,153 +0,0 @@
1From c4ca1497658e0508e8595ad74978c07bc92a18e3 Mon Sep 17 00:00:00 2001
2From: "djm@openbsd.org" <djm@openbsd.org>
3Date: Tue, 31 Jul 2018 03:10:27 +0000
4Subject: upstream: delay bailout for invalid authenticating user
5MIME-Version: 1.0
6Content-Type: text/plain; charset=UTF-8
7Content-Transfer-Encoding: 8bit
8
9... until after the packet containing the request has been fully parsed.
10Reported by Dariusz Tytko and MichaƂ Sajdak; ok deraadt
11
12OpenBSD-Commit-ID: b4891882fbe413f230fe8ac8a37349b03bd0b70d
13
14Origin: backport, http://anongit.mindrot.org/openssh.git/commit/?id=74287f5df9966a0648b4a68417451dd18f079ab8
15Bug-Debian: https://bugs.debian.org/906236
16Last-Update: 2018-08-17
17
18Patch-Name: upstream-delay-bailout-for-invalid-authenticating-user.patch
19---
20 auth2-gss.c | 9 ++++++---
21 auth2-hostbased.c | 9 +++++----
22 auth2-pubkey.c | 23 ++++++++++++++---------
23 3 files changed, 25 insertions(+), 16 deletions(-)
24
25diff --git a/auth2-gss.c b/auth2-gss.c
26index fd411d3a7..88bc3ae7b 100644
27--- a/auth2-gss.c
28+++ b/auth2-gss.c
29@@ -104,9 +104,6 @@ userauth_gssapi(struct ssh *ssh)
30 u_int len;
31 u_char *doid = NULL;
32
33- if (!authctxt->valid || authctxt->user == NULL)
34- return (0);
35-
36 mechs = packet_get_int();
37 if (mechs == 0) {
38 debug("Mechanism negotiation is not supported");
39@@ -137,6 +134,12 @@ userauth_gssapi(struct ssh *ssh)
40 return (0);
41 }
42
43+ if (!authctxt->valid || authctxt->user == NULL) {
44+ debug2("%s: disabled because of invalid user", __func__);
45+ free(doid);
46+ return (0);
47+ }
48+
49 if (GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctxt, &goid)))) {
50 if (ctxt != NULL)
51 ssh_gssapi_delete_ctx(&ctxt);
52diff --git a/auth2-hostbased.c b/auth2-hostbased.c
53index 8996f7e05..82a7dcdae 100644
54--- a/auth2-hostbased.c
55+++ b/auth2-hostbased.c
56@@ -67,10 +67,6 @@ userauth_hostbased(struct ssh *ssh)
57 size_t alen, blen, slen;
58 int r, pktype, authenticated = 0;
59
60- if (!authctxt->valid) {
61- debug2("%s: disabled because of invalid user", __func__);
62- return 0;
63- }
64 /* XXX use sshkey_froms() */
65 if ((r = sshpkt_get_cstring(ssh, &pkalg, &alen)) != 0 ||
66 (r = sshpkt_get_string(ssh, &pkblob, &blen)) != 0 ||
67@@ -118,6 +114,11 @@ userauth_hostbased(struct ssh *ssh)
68 goto done;
69 }
70
71+ if (!authctxt->valid || authctxt->user == NULL) {
72+ debug2("%s: disabled because of invalid user", __func__);
73+ goto done;
74+ }
75+
76 if ((b = sshbuf_new()) == NULL)
77 fatal("%s: sshbuf_new failed", __func__);
78 /* reconstruct packet */
79diff --git a/auth2-pubkey.c b/auth2-pubkey.c
80index 8024b1d6a..a9272b97f 100644
81--- a/auth2-pubkey.c
82+++ b/auth2-pubkey.c
83@@ -89,19 +89,15 @@ userauth_pubkey(struct ssh *ssh)
84 {
85 Authctxt *authctxt = ssh->authctxt;
86 struct passwd *pw = authctxt->pw;
87- struct sshbuf *b;
88+ struct sshbuf *b = NULL;
89 struct sshkey *key = NULL;
90- char *pkalg, *userstyle = NULL, *key_s = NULL, *ca_s = NULL;
91- u_char *pkblob, *sig, have_sig;
92+ char *pkalg = NULL, *userstyle = NULL, *key_s = NULL, *ca_s = NULL;
93+ u_char *pkblob = NULL, *sig = NULL, have_sig;
94 size_t blen, slen;
95 int r, pktype;
96 int authenticated = 0;
97 struct sshauthopt *authopts = NULL;
98
99- if (!authctxt->valid) {
100- debug2("%s: disabled because of invalid user", __func__);
101- return 0;
102- }
103 if ((r = sshpkt_get_u8(ssh, &have_sig)) != 0 ||
104 (r = sshpkt_get_cstring(ssh, &pkalg, NULL)) != 0 ||
105 (r = sshpkt_get_string(ssh, &pkblob, &blen)) != 0)
106@@ -168,6 +164,11 @@ userauth_pubkey(struct ssh *ssh)
107 fatal("%s: sshbuf_put_string session id: %s",
108 __func__, ssh_err(r));
109 }
110+ if (!authctxt->valid || authctxt->user == NULL) {
111+ debug2("%s: disabled because of invalid user",
112+ __func__);
113+ goto done;
114+ }
115 /* reconstruct packet */
116 xasprintf(&userstyle, "%s%s%s", authctxt->user,
117 authctxt->style ? ":" : "",
118@@ -184,7 +185,6 @@ userauth_pubkey(struct ssh *ssh)
119 #ifdef DEBUG_PK
120 sshbuf_dump(b, stderr);
121 #endif
122-
123 /* test for correct signature */
124 authenticated = 0;
125 if (PRIVSEP(user_key_allowed(ssh, pw, key, 1, &authopts)) &&
126@@ -193,7 +193,6 @@ userauth_pubkey(struct ssh *ssh)
127 authenticated = 1;
128 }
129 sshbuf_free(b);
130- free(sig);
131 auth2_record_key(authctxt, authenticated, key);
132 } else {
133 debug("%s: test pkalg %s pkblob %s%s%s",
134@@ -204,6 +203,11 @@ userauth_pubkey(struct ssh *ssh)
135 if ((r = sshpkt_get_end(ssh)) != 0)
136 fatal("%s: %s", __func__, ssh_err(r));
137
138+ if (!authctxt->valid || authctxt->user == NULL) {
139+ debug2("%s: disabled because of invalid user",
140+ __func__);
141+ goto done;
142+ }
143 /* XXX fake reply and always send PK_OK ? */
144 /*
145 * XXX this allows testing whether a user is allowed
146@@ -237,6 +241,7 @@ done:
147 free(pkblob);
148 free(key_s);
149 free(ca_s);
150+ free(sig);
151 return authenticated;
152 }
153