Module Name: src Committed By: snj Date: Fri Jul 31 16:49:41 UTC 2015
Modified Files: src/crypto/external/bsd/openssh/dist [netbsd-7]: auth2-chall.c Log Message: Pull up following revision(s) (requested by christos in ticket #916): crypto/external/bsd/openssh/dist/auth2-chall.c: revision 1.8 >From FreeBSD: A remote attacker may effectively bypass MaxAuthTries settings, which would enable them to brute force passwords. [CVE-2015-5600] To generate a diff of this commit: cvs rdiff -u -r1.5.4.1 -r1.5.4.2 \ src/crypto/external/bsd/openssh/dist/auth2-chall.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/crypto/external/bsd/openssh/dist/auth2-chall.c diff -u src/crypto/external/bsd/openssh/dist/auth2-chall.c:1.5.4.1 src/crypto/external/bsd/openssh/dist/auth2-chall.c:1.5.4.2 --- src/crypto/external/bsd/openssh/dist/auth2-chall.c:1.5.4.1 Thu Apr 30 06:07:30 2015 +++ src/crypto/external/bsd/openssh/dist/auth2-chall.c Fri Jul 31 16:49:41 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: auth2-chall.c,v 1.5.4.1 2015/04/30 06:07:30 riz Exp $ */ +/* $NetBSD: auth2-chall.c,v 1.5.4.2 2015/07/31 16:49:41 snj Exp $ */ /* $OpenBSD: auth2-chall.c,v 1.42 2015/01/19 20:07:45 markus Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -26,7 +26,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: auth2-chall.c,v 1.5.4.1 2015/04/30 06:07:30 riz Exp $"); +__RCSID("$NetBSD: auth2-chall.c,v 1.5.4.2 2015/07/31 16:49:41 snj Exp $"); #include <sys/types.h> #include <stdio.h> @@ -83,6 +83,7 @@ struct KbdintAuthctxt void *ctxt; KbdintDevice *device; u_int nreq; + u_int devices_done; }; #ifdef USE_PAM @@ -170,11 +171,15 @@ kbdint_next_device(Authctxt *authctxt, K if (len == 0) break; for (i = 0; devices[i]; i++) { - if (!auth2_method_allowed(authctxt, + if ((kbdintctxt->devices_done & (1 << i)) != 0 || + !auth2_method_allowed(authctxt, "keyboard-interactive", devices[i]->name)) continue; - if (strncmp(kbdintctxt->devices, devices[i]->name, len) == 0) + if (strncmp(kbdintctxt->devices, devices[i]->name, + len) == 0) { kbdintctxt->device = devices[i]; + kbdintctxt->devices_done |= 1 << i; + } } t = kbdintctxt->devices; kbdintctxt->devices = t[len] ? xstrdup(t+len+1) : NULL;