CVS commit: [netbsd-7] src/crypto/external/bsd/openssh/dist

Fri, 31 Jul 2015 09:50:03 -0700 

Module Name:    src
Committed By:   snj
Date:           Fri Jul 31 16:49:41 UTC 2015

Modified Files:
        src/crypto/external/bsd/openssh/dist [netbsd-7]: auth2-chall.c

Log Message:
Pull up following revision(s) (requested by christos in ticket #916):
        crypto/external/bsd/openssh/dist/auth2-chall.c: revision 1.8
>From FreeBSD:
A remote attacker may effectively bypass MaxAuthTries settings, which would
enable them to brute force passwords. [CVE-2015-5600]


To generate a diff of this commit:
cvs rdiff -u -r1.5.4.1 -r1.5.4.2 \
    src/crypto/external/bsd/openssh/dist/auth2-chall.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/crypto/external/bsd/openssh/dist/auth2-chall.c
diff -u src/crypto/external/bsd/openssh/dist/auth2-chall.c:1.5.4.1 src/crypto/external/bsd/openssh/dist/auth2-chall.c:1.5.4.2
--- src/crypto/external/bsd/openssh/dist/auth2-chall.c:1.5.4.1	Thu Apr 30 06:07:30 2015
+++ src/crypto/external/bsd/openssh/dist/auth2-chall.c	Fri Jul 31 16:49:41 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: auth2-chall.c,v 1.5.4.1 2015/04/30 06:07:30 riz Exp $	*/
+/*	$NetBSD: auth2-chall.c,v 1.5.4.2 2015/07/31 16:49:41 snj Exp $	*/
 /* $OpenBSD: auth2-chall.c,v 1.42 2015/01/19 20:07:45 markus Exp $ */
 /*
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
@@ -26,7 +26,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: auth2-chall.c,v 1.5.4.1 2015/04/30 06:07:30 riz Exp $");
+__RCSID("$NetBSD: auth2-chall.c,v 1.5.4.2 2015/07/31 16:49:41 snj Exp $");
 #include <sys/types.h>
 
 #include <stdio.h>
@@ -83,6 +83,7 @@ struct KbdintAuthctxt
 	void *ctxt;
 	KbdintDevice *device;
 	u_int nreq;
+	u_int devices_done;
 };
 
 #ifdef USE_PAM
@@ -170,11 +171,15 @@ kbdint_next_device(Authctxt *authctxt, K
 		if (len == 0)
 			break;
 		for (i = 0; devices[i]; i++) {
-			if (!auth2_method_allowed(authctxt,
+			if ((kbdintctxt->devices_done & (1 << i)) != 0 ||
+			    !auth2_method_allowed(authctxt,
 			    "keyboard-interactive", devices[i]->name))
 				continue;
-			if (strncmp(kbdintctxt->devices, devices[i]->name, len) == 0)
+			if (strncmp(kbdintctxt->devices, devices[i]->name,
+			    len) == 0) {
 				kbdintctxt->device = devices[i];
+				kbdintctxt->devices_done |= 1 << i;
+			}
 		}
 		t = kbdintctxt->devices;
 		kbdintctxt->devices = t[len] ? xstrdup(t+len+1) : NULL;

Reply via email to