From 1153b38f4612d93ca7f8dfa6756d6ed64338b281 Mon Sep 17 00:00:00 2001
From: Colin Watson
Date: Sun, 28 Nov 2004 17:59:30 +0000
Subject: Merge from HEAD: Fix timing information leak allowing discovery of invalid usernames in PAM keyboard-interactive authentication (backported from a patch by Darren Tucker; closes: #281595).

---
 auth-pam.c       |  6 +++++-
 auth2-chall.c    | 11 ++++-------
 debian/changelog |  3 +++
 3 files changed, 12 insertions(+), 8 deletions(-)

diff --git a/auth-pam.c b/auth-pam.c
index 701d85b64..ec3b74951 100644
--- a/auth-pam.c
+++ b/auth-pam.c
@@ -169,6 +169,7 @@ static int sshpam_cred_established = 0;
 static int sshpam_account_status = -1;
 static char **sshpam_env = NULL;
 static Authctxt *sshpam_authctxt = NULL;
+static char badpw[] = "\b\n\r\177INCORRECT";
 
 /* Some PAM implementations don't implement this */
 #ifndef HAVE_PAM_GETENVLIST
@@ -644,7 +645,10 @@ sshpam_respond(void *ctx, u_int num, char **resp)
 		return (-1);
 	}
 	buffer_init(&buffer);
-	buffer_put_cstring(&buffer, *resp);
+	if (sshpam_authctxt->valid)
+		buffer_put_cstring(&buffer, *resp);
+	else
+		buffer_put_cstring(&buffer, badpw);
 	if (ssh_msg_send(ctxt->pam_psock, PAM_AUTHTOK, &buffer) == -1) {
 		buffer_free(&buffer);
 		return (-1);
diff --git a/auth2-chall.c b/auth2-chall.c
index aacbf0bcc..0f08b05c6 100644
--- a/auth2-chall.c
+++ b/auth2-chall.c
@@ -275,12 +275,9 @@ input_userauth_info_response(int type, u_int32_t seq, void *ctxt)
 	}
 	packet_check_eom();
 
-	if (authctxt->valid) {
-		res = kbdintctxt->device->respond(kbdintctxt->ctxt,
-		    nresp, response);
-	} else {
-		res = -1;
-	}
+	res = kbdintctxt->device->respond(kbdintctxt->ctxt, nresp, response);
+	if (!authctxt->valid)
+		res = 1; /* keep going if login invalid */
 
 	for (i = 0; i < nresp; i++) {
 		memset(response[i], 'r', strlen(response[i]));
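Review bot: The new `badpw` declaration has no comment, so `"\b\n\r\177INCORRECT"` reads as a magic string unless the reader already knows that the sshpam_respond() hunk below substitutes it for the client's answer when the account is invalid. A comment above the declaration would make the intent durable, e.g. `/* Stand-in response fed to PAM for non-existent accounts so the conversation follows the same path, and takes about the same time, as for a real user; presumably the control characters make an accidental match implausible. */`. Since the array is never written, `static const char badpw[]` would let the compiler enforce that, provided `buffer_put_cstring()` accepts a `const char *` (its prototype is outside this diff).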
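Review bot: The added `if (sshpam_authctxt->valid)` dereferences a file-scope pointer that the first hunk shows initialised to NULL, and nothing in this hunk shows where it is assigned; if sshpam_respond() can run before that assignment, the test would fault instead of failing closed. Treating an unset context like an invalid account keeps the fail-safe direction: `if (sshpam_authctxt != NULL && sshpam_authctxt->valid)`. A short comment on the `else` branch would also help a later reader, e.g. `/* unknown account: send the stand-in so PAM does the same work as for a real user */`. sshpam_respond() begins before this hunk.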
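Review bot: `kbdintctxt->device->respond()` is now called for accounts that do not exist, where the removed code skipped it, so every keyboard-interactive device reachable here, not only PAM, must tolerate an Authctxt whose user was never resolved; the PAM device is adjusted in auth-pam.c by this commit, but any other devices are outside this diff and worth checking. The override `if (!authctxt->valid) res = 1;` also discards whatever respond() returned for an invalid account, so the eventual rejection presumably depends on the following query step; the comment `/* keep going if login invalid */` should say why: `/* Unknown account: always continue the dialogue so the client cannot distinguish it from a real user; the result is discarded in the switch below */`. input_userauth_info_response() continues outside the hunk.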
@@ -292,7 +289,7 @@ input_userauth_info_response(int type, u_int32_t seq, void *ctxt)
 	switch (res) {
 	case 0:
 		/* Success! */
-		authenticated = 1;
+		authenticated = authctxt->valid ? 1 : 0;
 		break;
 	case 1:
 		/* Authentication needs further interaction */
diff --git a/debian/changelog b/debian/changelog
index 19840ae9b..81e80f639 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,9 @@
 openssh (1:3.8.1p1-14) UNRELEASED; urgency=low
 
   * We use DH_COMPAT=2, so build-depend on debhelper (>= 2).
+  * Fix timing information leak allowing discovery of invalid usernames in
+    PAM keyboard-interactive authentication (backported from a patch by
+    Darren Tucker; closes: #281595).
 
  -- Colin Watson  Sun, 28 Nov 2004 17:52:23 +0000
 
-- 
cgit v1.2.3
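Review bot: `authenticated = authctxt->valid ? 1 : 0;` is a second line of defence that the unchanged `/* Success! */` comment no longer describes: with the earlier hunk forcing `res = 1` for invalid accounts, `case 0` should never be reached for them, so the check here is deliberately redundant. Saying so guards it against a later "simplification" back to `authenticated = 1;`, e.g. `/* Success -- but never for a non-existent account, even if a device reports 0 */`. The enclosing switch and function continue outside the hunk.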