diff options
author | Colin Watson <cjwatson@debian.org> | 2018-08-24 12:49:36 +0100 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2018-08-30 00:57:27 +0100 |
commit | 816386e17654ca36834bebbf351419e460fad8f6 (patch) | |
tree | 3dc79d831cb73bc25b92f5a4d18f8e328c0c570a /debian/patches/upstream-delay-bailout-for-invalid-authenticating-user.patch | |
parent | 3e6f76c7039d3df22b1d0a3a5f30150efb09b69d (diff) | |
parent | 16a47fc4b04977a14f44dd433c8da1499fa80671 (diff) |
New upstream release (7.8p1)
Closes: #907534
Diffstat (limited to 'debian/patches/upstream-delay-bailout-for-invalid-authenticating-user.patch')
-rw-r--r-- | debian/patches/upstream-delay-bailout-for-invalid-authenticating-user.patch | 153 |
1 files changed, 0 insertions, 153 deletions
diff --git a/debian/patches/upstream-delay-bailout-for-invalid-authenticating-user.patch b/debian/patches/upstream-delay-bailout-for-invalid-authenticating-user.patch deleted file mode 100644 index 737a9f48d..000000000 --- a/debian/patches/upstream-delay-bailout-for-invalid-authenticating-user.patch +++ /dev/null | |||
@@ -1,153 +0,0 @@ | |||
1 | From c4ca1497658e0508e8595ad74978c07bc92a18e3 Mon Sep 17 00:00:00 2001 | ||
2 | From: "djm@openbsd.org" <djm@openbsd.org> | ||
3 | Date: Tue, 31 Jul 2018 03:10:27 +0000 | ||
4 | Subject: upstream: delay bailout for invalid authenticating user | ||
5 | MIME-Version: 1.0 | ||
6 | Content-Type: text/plain; charset=UTF-8 | ||
7 | Content-Transfer-Encoding: 8bit | ||
8 | |||
9 | ... until after the packet containing the request has been fully parsed. | ||
10 | Reported by Dariusz Tytko and MichaĆ Sajdak; ok deraadt | ||
11 | |||
12 | OpenBSD-Commit-ID: b4891882fbe413f230fe8ac8a37349b03bd0b70d | ||
13 | |||
14 | Origin: backport, http://anongit.mindrot.org/openssh.git/commit/?id=74287f5df9966a0648b4a68417451dd18f079ab8 | ||
15 | Bug-Debian: https://bugs.debian.org/906236 | ||
16 | Last-Update: 2018-08-17 | ||
17 | |||
18 | Patch-Name: upstream-delay-bailout-for-invalid-authenticating-user.patch | ||
19 | --- | ||
20 | auth2-gss.c | 9 ++++++--- | ||
21 | auth2-hostbased.c | 9 +++++---- | ||
22 | auth2-pubkey.c | 23 ++++++++++++++--------- | ||
23 | 3 files changed, 25 insertions(+), 16 deletions(-) | ||
24 | |||
25 | diff --git a/auth2-gss.c b/auth2-gss.c | ||
26 | index fd411d3a7..88bc3ae7b 100644 | ||
27 | --- a/auth2-gss.c | ||
28 | +++ b/auth2-gss.c | ||
29 | @@ -104,9 +104,6 @@ userauth_gssapi(struct ssh *ssh) | ||
30 | u_int len; | ||
31 | u_char *doid = NULL; | ||
32 | |||
33 | - if (!authctxt->valid || authctxt->user == NULL) | ||
34 | - return (0); | ||
35 | - | ||
36 | mechs = packet_get_int(); | ||
37 | if (mechs == 0) { | ||
38 | debug("Mechanism negotiation is not supported"); | ||
39 | @@ -137,6 +134,12 @@ userauth_gssapi(struct ssh *ssh) | ||
40 | return (0); | ||
41 | } | ||
42 | |||
43 | + if (!authctxt->valid || authctxt->user == NULL) { | ||
44 | + debug2("%s: disabled because of invalid user", __func__); | ||
45 | + free(doid); | ||
46 | + return (0); | ||
47 | + } | ||
48 | + | ||
49 | if (GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctxt, &goid)))) { | ||
50 | if (ctxt != NULL) | ||
51 | ssh_gssapi_delete_ctx(&ctxt); | ||
52 | diff --git a/auth2-hostbased.c b/auth2-hostbased.c | ||
53 | index 8996f7e05..82a7dcdae 100644 | ||
54 | --- a/auth2-hostbased.c | ||
55 | +++ b/auth2-hostbased.c | ||
56 | @@ -67,10 +67,6 @@ userauth_hostbased(struct ssh *ssh) | ||
57 | size_t alen, blen, slen; | ||
58 | int r, pktype, authenticated = 0; | ||
59 | |||
60 | - if (!authctxt->valid) { | ||
61 | - debug2("%s: disabled because of invalid user", __func__); | ||
62 | - return 0; | ||
63 | - } | ||
64 | /* XXX use sshkey_froms() */ | ||
65 | if ((r = sshpkt_get_cstring(ssh, &pkalg, &alen)) != 0 || | ||
66 | (r = sshpkt_get_string(ssh, &pkblob, &blen)) != 0 || | ||
67 | @@ -118,6 +114,11 @@ userauth_hostbased(struct ssh *ssh) | ||
68 | goto done; | ||
69 | } | ||
70 | |||
71 | + if (!authctxt->valid || authctxt->user == NULL) { | ||
72 | + debug2("%s: disabled because of invalid user", __func__); | ||
73 | + goto done; | ||
74 | + } | ||
75 | + | ||
76 | if ((b = sshbuf_new()) == NULL) | ||
77 | fatal("%s: sshbuf_new failed", __func__); | ||
78 | /* reconstruct packet */ | ||
79 | diff --git a/auth2-pubkey.c b/auth2-pubkey.c | ||
80 | index 8024b1d6a..a9272b97f 100644 | ||
81 | --- a/auth2-pubkey.c | ||
82 | +++ b/auth2-pubkey.c | ||
83 | @@ -89,19 +89,15 @@ userauth_pubkey(struct ssh *ssh) | ||
84 | { | ||
85 | Authctxt *authctxt = ssh->authctxt; | ||
86 | struct passwd *pw = authctxt->pw; | ||
87 | - struct sshbuf *b; | ||
88 | + struct sshbuf *b = NULL; | ||
89 | struct sshkey *key = NULL; | ||
90 | - char *pkalg, *userstyle = NULL, *key_s = NULL, *ca_s = NULL; | ||
91 | - u_char *pkblob, *sig, have_sig; | ||
92 | + char *pkalg = NULL, *userstyle = NULL, *key_s = NULL, *ca_s = NULL; | ||
93 | + u_char *pkblob = NULL, *sig = NULL, have_sig; | ||
94 | size_t blen, slen; | ||
95 | int r, pktype; | ||
96 | int authenticated = 0; | ||
97 | struct sshauthopt *authopts = NULL; | ||
98 | |||
99 | - if (!authctxt->valid) { | ||
100 | - debug2("%s: disabled because of invalid user", __func__); | ||
101 | - return 0; | ||
102 | - } | ||
103 | if ((r = sshpkt_get_u8(ssh, &have_sig)) != 0 || | ||
104 | (r = sshpkt_get_cstring(ssh, &pkalg, NULL)) != 0 || | ||
105 | (r = sshpkt_get_string(ssh, &pkblob, &blen)) != 0) | ||
106 | @@ -168,6 +164,11 @@ userauth_pubkey(struct ssh *ssh) | ||
107 | fatal("%s: sshbuf_put_string session id: %s", | ||
108 | __func__, ssh_err(r)); | ||
109 | } | ||
110 | + if (!authctxt->valid || authctxt->user == NULL) { | ||
111 | + debug2("%s: disabled because of invalid user", | ||
112 | + __func__); | ||
113 | + goto done; | ||
114 | + } | ||
115 | /* reconstruct packet */ | ||
116 | xasprintf(&userstyle, "%s%s%s", authctxt->user, | ||
117 | authctxt->style ? ":" : "", | ||
118 | @@ -184,7 +185,6 @@ userauth_pubkey(struct ssh *ssh) | ||
119 | #ifdef DEBUG_PK | ||
120 | sshbuf_dump(b, stderr); | ||
121 | #endif | ||
122 | - | ||
123 | /* test for correct signature */ | ||
124 | authenticated = 0; | ||
125 | if (PRIVSEP(user_key_allowed(ssh, pw, key, 1, &authopts)) && | ||
126 | @@ -193,7 +193,6 @@ userauth_pubkey(struct ssh *ssh) | ||
127 | authenticated = 1; | ||
128 | } | ||
129 | sshbuf_free(b); | ||
130 | - free(sig); | ||
131 | auth2_record_key(authctxt, authenticated, key); | ||
132 | } else { | ||
133 | debug("%s: test pkalg %s pkblob %s%s%s", | ||
134 | @@ -204,6 +203,11 @@ userauth_pubkey(struct ssh *ssh) | ||
135 | if ((r = sshpkt_get_end(ssh)) != 0) | ||
136 | fatal("%s: %s", __func__, ssh_err(r)); | ||
137 | |||
138 | + if (!authctxt->valid || authctxt->user == NULL) { | ||
139 | + debug2("%s: disabled because of invalid user", | ||
140 | + __func__); | ||
141 | + goto done; | ||
142 | + } | ||
143 | /* XXX fake reply and always send PK_OK ? */ | ||
144 | /* | ||
145 | * XXX this allows testing whether a user is allowed | ||
146 | @@ -237,6 +241,7 @@ done: | ||
147 | free(pkblob); | ||
148 | free(key_s); | ||
149 | free(ca_s); | ||
150 | + free(sig); | ||
151 | return authenticated; | ||
152 | } | ||
153 | |||