summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog4
-rw-r--r--sshconnect2.c21
2 files changed, 24 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index 5ec1345c3..53dcc62fd 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -20,6 +20,10 @@
20 [authfile.c] 20 [authfile.c]
21 switch from 3DES to AES-128 for encryption of passphrase-protected 21 switch from 3DES to AES-128 for encryption of passphrase-protected
22 SSH protocol 2 private keys; ok several 22 SSH protocol 2 private keys; ok several
23 - djm@cvs.openbsd.org 2009/10/23 01:57:11
24 [sshconnect2.c]
25 disallow a hostile server from checking jpake auth by sending an
26 out-of-sequence success message. (doesn't affect code enabled by default)
23 27
2420091011 2820091011
25 - (dtucker) [configure.ac sftp-client.c] Remove the gyrations required for 29 - (dtucker) [configure.ac sftp-client.c] Remove the gyrations required for
diff --git a/sshconnect2.c b/sshconnect2.c
index 260c6307a..1e0e9d5e1 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshconnect2.c,v 1.171 2009/03/05 07:18:19 djm Exp $ */ 1/* $OpenBSD: sshconnect2.c,v 1.172 2009/10/23 01:57:11 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 * Copyright (c) 2008 Damien Miller. All rights reserved. 4 * Copyright (c) 2008 Damien Miller. All rights reserved.
@@ -210,6 +210,7 @@ struct Authmethod {
210}; 210};
211 211
212void input_userauth_success(int, u_int32_t, void *); 212void input_userauth_success(int, u_int32_t, void *);
213void input_userauth_success_unexpected(int, u_int32_t, void *);
213void input_userauth_failure(int, u_int32_t, void *); 214void input_userauth_failure(int, u_int32_t, void *);
214void input_userauth_banner(int, u_int32_t, void *); 215void input_userauth_banner(int, u_int32_t, void *);
215void input_userauth_error(int, u_int32_t, void *); 216void input_userauth_error(int, u_int32_t, void *);
@@ -427,12 +428,15 @@ void
427input_userauth_success(int type, u_int32_t seq, void *ctxt) 428input_userauth_success(int type, u_int32_t seq, void *ctxt)
428{ 429{
429 Authctxt *authctxt = ctxt; 430 Authctxt *authctxt = ctxt;
431
430 if (authctxt == NULL) 432 if (authctxt == NULL)
431 fatal("input_userauth_success: no authentication context"); 433 fatal("input_userauth_success: no authentication context");
432 if (authctxt->authlist) { 434 if (authctxt->authlist) {
433 xfree(authctxt->authlist); 435 xfree(authctxt->authlist);
434 authctxt->authlist = NULL; 436 authctxt->authlist = NULL;
435 } 437 }
438 if (authctxt->method != NULL && authctxt->method->cleanup != NULL)
439 authctxt->method->cleanup(authctxt);
436 if (authctxt->methoddata) { 440 if (authctxt->methoddata) {
437 xfree(authctxt->methoddata); 441 xfree(authctxt->methoddata);
438 authctxt->methoddata = NULL; 442 authctxt->methoddata = NULL;
@@ -440,6 +444,18 @@ input_userauth_success(int type, u_int32_t seq, void *ctxt)
440 authctxt->success = 1; /* break out */ 444 authctxt->success = 1; /* break out */
441} 445}
442 446
447void
448input_userauth_success_unexpected(int type, u_int32_t seq, void *ctxt)
449{
450 Authctxt *authctxt = ctxt;
451
452 if (authctxt == NULL)
453 fatal("%s: no authentication context", __func__);
454
455 fatal("Unexpected authentication success during %s.",
456 authctxt->method->name);
457}
458
443/* ARGSUSED */ 459/* ARGSUSED */
444void 460void
445input_userauth_failure(int type, u_int32_t seq, void *ctxt) 461input_userauth_failure(int type, u_int32_t seq, void *ctxt)
@@ -1709,6 +1725,8 @@ userauth_jpake(Authctxt *authctxt)
1709 /* Expect step 1 packet from peer */ 1725 /* Expect step 1 packet from peer */
1710 dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP1, 1726 dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP1,
1711 input_userauth_jpake_server_step1); 1727 input_userauth_jpake_server_step1);
1728 dispatch_set(SSH2_MSG_USERAUTH_SUCCESS,
1729 &input_userauth_success_unexpected);
1712 1730
1713 return 1; 1731 return 1;
1714} 1732}
@@ -1721,6 +1739,7 @@ userauth_jpake_cleanup(Authctxt *authctxt)
1721 jpake_free(authctxt->methoddata); 1739 jpake_free(authctxt->methoddata);
1722 authctxt->methoddata = NULL; 1740 authctxt->methoddata = NULL;
1723 } 1741 }
1742 dispatch_set(SSH2_MSG_USERAUTH_SUCCESS, &input_userauth_success);
1724} 1743}
1725#endif /* JPAKE */ 1744#endif /* JPAKE */
1726 1745