Hello,

Here's a patch related to changes from CVE-2018-10933:

Keyboard Interactive Authentication as server always fails (on new packet 
filtering) because SSH_AUTH_STATE_INFO is not correctly set on Keyboard 
Interactive request.

This can be tested with samplesshd-kbdint example.


This patch sets the correct state on keyboard interactive request.


Regards,


Meng
From d857bd55f141eb25e8478888200260a73f39ad7b Mon Sep 17 00:00:00 2001
From: Meng Tan <m...@wallix.com>
Date: Wed, 17 Oct 2018 14:50:08 +0200
Subject: [PATCH] Set correct state after sending INFO_REQUEST (Kbd
 Interactive)

Signed-off-by: Meng Tan <m...@wallix.com>
---
 src/server.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/server.c b/src/server.c
index e14636ec..84cc4f7a 100644
--- a/src/server.c
+++ b/src/server.c
@@ -1039,6 +1039,7 @@ int ssh_message_auth_interactive_request(ssh_message msg, const char *name,
     msg->session->kbdint->prompts = NULL;
     msg->session->kbdint->echo = NULL;
   }
+  msg->session->auth.state = SSH_AUTH_STATE_INFO;

   return rc;
 }
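Review bot: the added assignment just before `return rc;` runs whatever value rc holds, so if rc can carry an error at this point the session still moves to SSH_AUTH_STATE_INFO after a request that failed. Consider making the assignment conditional on rc indicating success, or add a comment saying why setting the state on the failure path is harmless. The commit message would also benefit from one line saying that the missing state is what makes keyboard-interactive fail under the new packet filtering, as the cover mail explains.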
--
2.11.0
