diff options
| author | Colin Watson <cjwatson@debian.org> | 2015-08-19 18:44:47 +0100 |
|---|---|---|
| committer | Colin Watson <cjwatson@debian.org> | 2015-08-19 18:45:49 +0100 |
| commit | 6461fa1951314cf8c8ee9a7999f987b8003f4ff6 (patch) | |
| tree | bcbcccfa77e1754cbc711f42b67f3c5a4105bc28 /debian/patches | |
| parent | d2d9171e73cd2db10fabf9dd4924d3dcd5f13c7a (diff) | |
| parent | ba9e0b1d4edf5876b289affd9d31bab493f0d0a4 (diff) | |
CVE-2015-5600: sshd(8): Fix circumvention of MaxAuthTries using keyboard-interactive authentication (closes: #793616).
Diffstat (limited to 'debian/patches')
| -rw-r--r-- | debian/patches/backport-kbdint-duplicates.patch | 53 | ||||
| -rw-r--r-- | debian/patches/series | 1 |
2 files changed, 54 insertions, 0 deletions
diff --git a/debian/patches/backport-kbdint-duplicates.patch b/debian/patches/backport-kbdint-duplicates.patch new file mode 100644 index 000000000..0973503c9 --- /dev/null +++ b/debian/patches/backport-kbdint-duplicates.patch | |||
| @@ -0,0 +1,53 @@ | |||
| 1 | From ba9e0b1d4edf5876b289affd9d31bab493f0d0a4 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: "djm@openbsd.org" <djm@openbsd.org> | ||
| 3 | Date: Sat, 18 Jul 2015 07:57:14 +0000 | ||
| 4 | Subject: only query each keyboard-interactive device once per authentication | ||
| 5 | request regardless of how many times it is listed | ||
| 6 | |||
| 7 | ok markus@ | ||
| 8 | |||
| 9 | Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=5b64f85bb811246c59ebab70aed331f26ba37b18 | ||
| 10 | Forwarded: not-needed | ||
| 11 | Last-Update: 2015-08-19 | ||
| 12 | |||
| 13 | Patch-Name: backport-kbdint-duplicates.patch | ||
| 14 | --- | ||
| 15 | auth2-chall.c | 11 ++++++++--- | ||
| 16 | 1 file changed, 8 insertions(+), 3 deletions(-) | ||
| 17 | |||
| 18 | diff --git a/auth2-chall.c b/auth2-chall.c | ||
| 19 | index ddabe1a..4aff09d 100644 | ||
| 20 | --- a/auth2-chall.c | ||
| 21 | +++ b/auth2-chall.c | ||
| 22 | @@ -1,4 +1,4 @@ | ||
| 23 | -/* $OpenBSD: auth2-chall.c,v 1.42 2015/01/19 20:07:45 markus Exp $ */ | ||
| 24 | +/* $OpenBSD: auth2-chall.c,v 1.43 2015/07/18 07:57:14 djm Exp $ */ | ||
| 25 | /* | ||
| 26 | * Copyright (c) 2001 Markus Friedl. All rights reserved. | ||
| 27 | * Copyright (c) 2001 Per Allansson. All rights reserved. | ||
| 28 | @@ -83,6 +83,7 @@ struct KbdintAuthctxt | ||
| 29 | void *ctxt; | ||
| 30 | KbdintDevice *device; | ||
| 31 | u_int nreq; | ||
| 32 | + u_int devices_done; | ||
| 33 | }; | ||
| 34 | |||
| 35 | #ifdef USE_PAM | ||
| 36 | @@ -169,11 +170,15 @@ kbdint_next_device(Authctxt *authctxt, KbdintAuthctxt *kbdintctxt) | ||
| 37 | if (len == 0) | ||
| 38 | break; | ||
| 39 | for (i = 0; devices[i]; i++) { | ||
| 40 | - if (!auth2_method_allowed(authctxt, | ||
| 41 | + if ((kbdintctxt->devices_done & (1 << i)) != 0 || | ||
| 42 | + !auth2_method_allowed(authctxt, | ||
| 43 | "keyboard-interactive", devices[i]->name)) | ||
| 44 | continue; | ||
| 45 | - if (strncmp(kbdintctxt->devices, devices[i]->name, len) == 0) | ||
| 46 | + if (strncmp(kbdintctxt->devices, devices[i]->name, | ||
| 47 | + len) == 0) { | ||
| 48 | kbdintctxt->device = devices[i]; | ||
| 49 | + kbdintctxt->devices_done |= 1 << i; | ||
| 50 | + } | ||
| 51 | } | ||
| 52 | t = kbdintctxt->devices; | ||
| 53 | kbdintctxt->devices = t[len] ? xstrdup(t+len+1) : NULL; | ||
diff --git a/debian/patches/series b/debian/patches/series index 1a843eac8..188ec8abc 100644 --- a/debian/patches/series +++ b/debian/patches/series | |||
| @@ -30,3 +30,4 @@ debian-config.patch | |||
| 30 | backport-fix-pty-permissions.patch | 30 | backport-fix-pty-permissions.patch |
| 31 | backport-do-not-resend-username-to-pam.patch | 31 | backport-do-not-resend-username-to-pam.patch |
| 32 | backport-pam-use-after-free.patch | 32 | backport-pam-use-after-free.patch |
| 33 | backport-kbdint-duplicates.patch | ||