author  Ivo Raisr <ivo.raisr@oracle.com> 
Mon, 03 Aug 2015 15:31:47 0700  
branch  s11update 
changeset 4752  3409fc90e641 
permissions  rwrr 
21509846 problem in UTILITY/OPENSSH
1 
# 
2 
# This is to fix a keyboard-interactive authentication brute force 
3 
# vulnerability (MaxAuthTries bypass). A CVE number (CVE-2015-5600) has been 
4 
# reserved for this problem, but not officially issued yet. This fix came from 
5 
# OpenSSH upstream, which will be included in the future OpenSSH 7.0p1 release. 
6 
# When we upgrade OpenSSH to 7.0 in the future, we will remove this patch. 
7 
# 
8 
 a/auth2chall.c Mon Aug 3 15:25:43 2015 
9 
+++ b/auth2chall.c Mon Aug 3 15:28:17 2015 
10 
@@ 82,6 +82,7 @@ 
11 
void *ctxt; 
12 
KbdintDevice *device; 
13 
u_int nreq; 
14 
+ u_int devices_done; 
15 
}; 
16 

17 
#ifdef USE_PAM 
18 
@@ 168,11 +169,15 @@ 
19 
if (len == 0) 
20 
break; 
21 
for (i = 0; devices[i]; i++) { 
22 
 if (!auth2_method_allowed(authctxt, 
23 
+ if ((kbdintctxt>devices_done & (1 << i)) != 0  
24 
+ !auth2_method_allowed(authctxt, 
25 
"keyboardinteractive", devices[i]>name)) 
26 
continue; 
27 
 if (strncmp(kbdintctxt>devices, devices[i]>name, len) == 0) 
28 
+ if (strncmp(kbdintctxt>devices, devices[i]>name, 
29 
+ len) == 0) { 
30 
kbdintctxt>device = devices[i]; 
31 
+ kbdintctxt>devices_done = 1 << i; 
32 
+ } 
33 
} 
34 
t = kbdintctxt>devices; 
35 
kbdintctxt>devices = t[len] ? xstrdup(t+len+1) : NULL; 
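Review bot: The new `devices_done` field in the struct hunk has no comment and no visible initialisation, yet the loop in the second hunk tests it as a bitmask before anything writes to it. The context allocation lies outside both hunks, so confirm it zeroes the struct; otherwise a stale bit could skip a device that was never tried, or a clear bit could let one be retried. A one-line comment such as `/* bitmask of devices[] indices already tried for this request */` would tie the field to the MaxAuthTries fix it implements. The mask is built with a signed `1 << i`; `1U << i` matches the `u_int` field and avoids undefined behaviour should the devices table ever grow past the width of int. This rendering appears to have dropped `-` and `|` characters, so the update inside the `strncmp` branch is read here as an OR-assignment rather than a plain assignment.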