Mercurial Mercurial > upstream > oracle > userland-gate / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
24597931 PAM_BUGFIX by-passes fake password for timing attack avoidance
authorTomas Kuthan <tomas.kuthan@oracle.com>
Tue, 20 Sep 2016 03:54:40 -0700
changeset 6931 f6f7269f85a9
parent 6930 31ef2580c45d
child 6932 ae9e3811b2ec
24597931 PAM_BUGFIX by-passes fake password for timing attack avoidance
components/openssh/patches/015-pam_conversation_fix.patch file | annotate | diff | comparison | revisions 
--- a/components/openssh/patches/015-pam_conversation_fix.patch	Tue Sep 20 03:54:40 2016 -0700
+++ b/components/openssh/patches/015-pam_conversation_fix.patch	Tue Sep 20 03:54:40 2016 -0700
@@ -61,7 +61,7 @@
  		sshpam_password = fake = fake_password(password);
  
 +#ifdef PAM_BUGFIX
-+        sshpam_err = pam_set_item(sshpam_handle, PAM_AUTHTOK, password);
++        sshpam_err = pam_set_item(sshpam_handle, PAM_AUTHTOK, sshpam_password);
 +        if (sshpam_err != PAM_SUCCESS) {
 +                debug("PAM: %s: failed to set PAM_AUTHTOK: %s", __func__,
 +                    pam_strerror(sshpam_handle, sshpam_err));
upstream/oracle/userland-gate