authorColin Watson <cjwatson@debian.org>2015-08-19 18:44:47 +0100
committerColin Watson <cjwatson@debian.org>2015-08-19 18:45:49 +0100
commit6461fa1951314cf8c8ee9a7999f987b8003f4ff6 (patch)
treebcbcccfa77e1754cbc711f42b67f3c5a4105bc28 /debian/patches
parentd2d9171e73cd2db10fabf9dd4924d3dcd5f13c7a (diff)
parentba9e0b1d4edf5876b289affd9d31bab493f0d0a4 (diff)
CVE-2015-5600: sshd(8): Fix circumvention of MaxAuthTries using keyboard-interactive authentication (closes: #793616).
Diffstat (limited to 'debian/patches')
-rw-r--r--debian/patches/backport-kbdint-duplicates.patch53
-rw-r--r--debian/patches/series1
2 files changed, 54 insertions, 0 deletions
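diff --git a/debian/patches/backport-kbdint-duplicates.patch b/debian/patches/backport-kbdint-duplicates.patch
new file mode 100644
index 000000000..0973503c9
--- /dev/null
+++ b/debian/patches/backport-kbdint-duplicates.patch
@@ -0,0 +1,53 @@
+From ba9e0b1d4edf5876b289affd9d31bab493f0d0a4 Mon Sep 17 00:00:00 2001
+From: "djm@openbsd.org" <djm@openbsd.org>
+Date: Sat, 18 Jul 2015 07:57:14 +0000
+Subject: only query each keyboard-interactive device once per authentication
+ request regardless of how many times it is listed
+
+ok markus@
+
+Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=5b64f85bb811246c59ebab70aed331f26ba37b18
+Forwarded: not-needed
+Last-Update: 2015-08-19
+
+Patch-Name: backport-kbdint-duplicates.patch
+---
+ auth2-chall.c | 11 ++++++++---
+ 1 file changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/auth2-chall.c b/auth2-chall.c
+index ddabe1a..4aff09d 100644
+--- a/auth2-chall.c
++++ b/auth2-chall.c
+@@ -1,4 +1,4 @@
+-/* $OpenBSD: auth2-chall.c,v 1.42 2015/01/19 20:07:45 markus Exp $ */
++/* $OpenBSD: auth2-chall.c,v 1.43 2015/07/18 07:57:14 djm Exp $ */
+ /*
+ * Copyright (c) 2001 Markus Friedl. All rights reserved.
+ * Copyright (c) 2001 Per Allansson. All rights reserved.
+@@ -83,6 +83,7 @@ struct KbdintAuthctxt
+ void *ctxt;
+ KbdintDevice *device;
+ u_int nreq;
++ u_int devices_done;
+ };
+
+ #ifdef USE_PAM
+@@ -169,11 +170,15 @@ kbdint_next_device(Authctxt *authctxt, KbdintAuthctxt *kbdintctxt)
+ if (len == 0)
+ break;
+ for (i = 0; devices[i]; i++) {
+- if (!auth2_method_allowed(authctxt,
++ if ((kbdintctxt->devices_done & (1 << i)) != 0 ||
++ !auth2_method_allowed(authctxt,
+ "keyboard-interactive", devices[i]->name))
+ continue;
+- if (strncmp(kbdintctxt->devices, devices[i]->name, len) == 0)
++ if (strncmp(kbdintctxt->devices, devices[i]->name,
++ len) == 0) {
+ kbdintctxt->device = devices[i];
++ kbdintctxt->devices_done |= 1 << i;
++ }
+ }
+ t = kbdintctxt->devices;
+ kbdintctxt->devices = t[len] ? xstrdup(t+len+1) : NULL;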
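Review bot: The mask test and update in kbdint_next_device shift a signed int (`1 << i`) against the u_int field devices_done, which is undefined behaviour once i reaches 31 on a 32-bit int; `(kbdintctxt->devices_done & (1U << i)) != 0` and `kbdintctxt->devices_done |= 1U << i;` keep the arithmetic unsigned. The devices[] table is presumably short enough that this is not reachable today, but nothing in the hunk bounds i, so the mask silently caps the table at the bit width of u_int. Separately, the patch adds devices_done to struct KbdintAuthctxt without showing where it is zeroed; since this is a backport, confirm that the allocation path in this tree zero-fills the struct (or add an explicit `kbdintctxt->devices_done = 0;`), otherwise a stale bit could cause a device to be skipped on its first listing. kbdint_next_device begins and ends outside the hunk.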
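diff --git a/debian/patches/series b/debian/patches/series
index 1a843eac8..188ec8abc 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -30,3 +30,4 @@ debian-config.patch
 backport-fix-pty-permissions.patch
 backport-do-not-resend-username-to-pam.patch
 backport-pam-use-after-free.patch
+backport-kbdint-duplicates.patch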