author | Huie-Ying Lee <huieying.lee@oracle.com> |
Tue, 28 Jul 2015 14:47:36 -0700 | |
changeset 4709 | fd98db93ff7c |
permissions | -rw-r--r-- |
4709
fd98db93ff7c
21509846 problem in UTILITY/OPENSSH
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
1 |
# |
fd98db93ff7c
21509846 problem in UTILITY/OPENSSH
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
2 |
# This is to fix a keyboard-interactive authentication brute force |
fd98db93ff7c
21509846 problem in UTILITY/OPENSSH
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
3 |
# vulnerability (MaxAuthTries bypass). A CVE number (CVE-2015-5600) has been |
fd98db93ff7c
21509846 problem in UTILITY/OPENSSH
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
4 |
# reserved for this problem, but not officially issued yet. This fix came from |
fd98db93ff7c
21509846 problem in UTILITY/OPENSSH
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
5 |
# OpenSSH upstream, which will be included in the future OpenSSH 7.0p1 release. |
fd98db93ff7c
21509846 problem in UTILITY/OPENSSH
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
6 |
# When we upgrade OpenSSH to 7.0 in the future, we will remove this patch. |
fd98db93ff7c
21509846 problem in UTILITY/OPENSSH
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
7 |
# |
fd98db93ff7c
21509846 problem in UTILITY/OPENSSH
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
8 |
--- orig/auth2-chall.c Fri Jul 24 17:36:37 2015 |
fd98db93ff7c
21509846 problem in UTILITY/OPENSSH
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
9 |
+++ new/auth2-chall.c Fri Jul 24 17:47:21 2015 |
fd98db93ff7c
21509846 problem in UTILITY/OPENSSH
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
10 |
@@ -83,6 +83,7 @@ |
fd98db93ff7c
21509846 problem in UTILITY/OPENSSH
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
11 |
void *ctxt; |
fd98db93ff7c
21509846 problem in UTILITY/OPENSSH
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
12 |
KbdintDevice *device; |
fd98db93ff7c
21509846 problem in UTILITY/OPENSSH
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
13 |
u_int nreq; |
fd98db93ff7c
21509846 problem in UTILITY/OPENSSH
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
14 |
+ u_int devices_done; |
fd98db93ff7c
21509846 problem in UTILITY/OPENSSH
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
15 |
}; |
fd98db93ff7c
21509846 problem in UTILITY/OPENSSH
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
16 |
|
fd98db93ff7c
21509846 problem in UTILITY/OPENSSH
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
17 |
#ifdef USE_PAM |
fd98db93ff7c
21509846 problem in UTILITY/OPENSSH
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
18 |
@@ -169,11 +170,15 @@ |
fd98db93ff7c
21509846 problem in UTILITY/OPENSSH
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
19 |
if (len == 0) |
fd98db93ff7c
21509846 problem in UTILITY/OPENSSH
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
20 |
break; |
fd98db93ff7c
21509846 problem in UTILITY/OPENSSH
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
21 |
for (i = 0; devices[i]; i++) { |
fd98db93ff7c
21509846 problem in UTILITY/OPENSSH
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
22 |
- if (!auth2_method_allowed(authctxt, |
fd98db93ff7c
21509846 problem in UTILITY/OPENSSH
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
23 |
+ if ((kbdintctxt->devices_done & (1 << i)) != 0 || |
fd98db93ff7c
21509846 problem in UTILITY/OPENSSH
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
24 |
+ !auth2_method_allowed(authctxt, |
fd98db93ff7c
21509846 problem in UTILITY/OPENSSH
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
25 |
"keyboard-interactive", devices[i]->name)) |
fd98db93ff7c
21509846 problem in UTILITY/OPENSSH
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
26 |
continue; |
fd98db93ff7c
21509846 problem in UTILITY/OPENSSH
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
27 |
- if (strncmp(kbdintctxt->devices, devices[i]->name, len) == 0) |
fd98db93ff7c
21509846 problem in UTILITY/OPENSSH
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
28 |
+ if (strncmp(kbdintctxt->devices, devices[i]->name, |
fd98db93ff7c
21509846 problem in UTILITY/OPENSSH
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
29 |
+ len) == 0) { |
fd98db93ff7c
21509846 problem in UTILITY/OPENSSH
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
30 |
kbdintctxt->device = devices[i]; |
fd98db93ff7c
21509846 problem in UTILITY/OPENSSH
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
31 |
+ kbdintctxt->devices_done |= 1 << i; |
fd98db93ff7c
21509846 problem in UTILITY/OPENSSH
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
32 |
+ } |
fd98db93ff7c
21509846 problem in UTILITY/OPENSSH
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
33 |
} |
fd98db93ff7c
21509846 problem in UTILITY/OPENSSH
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
34 |
t = kbdintctxt->devices; |
fd98db93ff7c
21509846 problem in UTILITY/OPENSSH
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
35 |
kbdintctxt->devices = t[len] ? xstrdup(t+len+1) : NULL; |