summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--auth2-passwd.c31
1 files changed, 14 insertions, 17 deletions
diff --git a/auth2-passwd.c b/auth2-passwd.c
index b638e8715..d36b0cba3 100644
--- a/auth2-passwd.c
+++ b/auth2-passwd.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: auth2-passwd.c,v 1.12 2014/07/15 15:54:14 millert Exp $ */ 1/* $OpenBSD: auth2-passwd.c,v 1.13 2017/05/30 14:26:49 markus Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 * 4 *
@@ -30,10 +30,10 @@
30#include <string.h> 30#include <string.h>
31#include <stdarg.h> 31#include <stdarg.h>
32 32
33#include "xmalloc.h"
34#include "packet.h" 33#include "packet.h"
34#include "ssherr.h"
35#include "log.h" 35#include "log.h"
36#include "key.h" 36#include "sshkey.h"
37#include "hostfile.h" 37#include "hostfile.h"
38#include "auth.h" 38#include "auth.h"
39#include "buffer.h" 39#include "buffer.h"
@@ -50,24 +50,21 @@ extern ServerOptions options;
50static int 50static int
51userauth_passwd(Authctxt *authctxt) 51userauth_passwd(Authctxt *authctxt)
52{ 52{
53 char *password, *newpass; 53 struct ssh *ssh = active_state; /* XXX */
54 int authenticated = 0; 54 char *password;
55 int change; 55 int authenticated = 0, r;
56 u_int len, newlen; 56 u_char change;
57 size_t len;
57 58
58 change = packet_get_char(); 59 if ((r = sshpkt_get_u8(ssh, &change)) != 0 ||
59 password = packet_get_string(&len); 60 (r = sshpkt_get_cstring(ssh, &password, &len)) != 0 ||
60 if (change) { 61 (change && (r = sshpkt_get_cstring(ssh, NULL, NULL)) != 0) ||
61 /* discard new password from packet */ 62 (r = sshpkt_get_end(ssh)) != 0)
62 newpass = packet_get_string(&newlen); 63 fatal("%s: %s", __func__, ssh_err(r));
63 explicit_bzero(newpass, newlen);
64 free(newpass);
65 }
66 packet_check_eom();
67 64
68 if (change) 65 if (change)
69 logit("password change not supported"); 66 logit("password change not supported");
70 else if (PRIVSEP(auth_password(authctxt, password)) == 1) 67 else if (PRIVSEP(auth_password(ssh->authctxt, password)) == 1)
71 authenticated = 1; 68 authenticated = 1;
72 explicit_bzero(password, len); 69 explicit_bzero(password, len);
73 free(password); 70 free(password);