From 4f9f42a9bb6a6aa8f6100d873dc6344f2f9994de Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Sat, 10 May 2003 19:28:02 +1000
Subject:  - (djm) Merge FreeBSD PAM code: replaces PAM password auth kludge
 with    proper challenge-response module

---
 auth1.c | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

(limited to 'auth1.c')

diff --git a/auth1.c b/auth1.c
index e7d744f6e..5086a47c3 100644
--- a/auth1.c
+++ b/auth1.c
@@ -73,7 +73,7 @@ do_authloop(Authctxt *authctxt)
 	char info[1024];
 	u_int dlen;
 	u_int ulen;
-	int type = 0;
+	int prev, type = 0;
 	struct passwd *pw = authctxt->pw;
 
 	debug("Attempting authentication for %s%.100s.",
@@ -103,8 +103,20 @@ do_authloop(Authctxt *authctxt)
 		info[0] = '\0';
 
 		/* Get a packet from the client. */
+		prev = type;
 		type = packet_read();
 
+		/*
+		 * If we started challenge-response authentication but the
+		 * next packet is not a response to our challenge, release
+		 * the resources allocated by get_challenge() (which would
+		 * normally have been released by verify_response() had we
+		 * received such a response)
+		 */
+		if (prev == SSH_CMSG_AUTH_TIS &&
+		    type != SSH_CMSG_AUTH_TIS_RESPONSE)
+			abandon_challenge_response(authctxt);
+
 		/* Process the packet. */
 		switch (type) {
 
-- 
cgit v1.2.3