Bugzilla – Attachment 790 Details for
Bug 975
Kerberos authentication timing can leak information about account validity
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
check authctxt->valid on return too
openssh-krb5-valid.patch (text/plain), 669 bytes, created by
Darren Tucker
on 2005-01-27 18:24:23 AEDT
(
hide
)
Description:
check authctxt->valid on return too
Filename:
MIME Type:
Creator:
Darren Tucker
Created:
2005-01-27 18:24:23 AEDT
Size:
669 bytes
patch
obsolete
>Index: auth-krb5.c >=================================================================== >RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/auth-krb5.c,v >retrieving revision 1.25 >diff -u -p -r1.25 auth-krb5.c >--- auth-krb5.c 11 Sep 2004 13:32:09 -0000 1.25 >+++ auth-krb5.c 27 Jan 2005 07:15:56 -0000 >@@ -75,9 +75,6 @@ auth_krb5_password(Authctxt *authctxt, c > krb5_ccache ccache = NULL; > int len; > >- if (!authctxt->valid) >- return (0); >- > temporarily_use_uid(authctxt->pw); > > problem = krb5_init(authctxt); >@@ -213,7 +210,7 @@ auth_krb5_password(Authctxt *authctxt, c > else > return (0); > } >- return (1); >+ return (authctxt->valid ? 1 : 0); > } > > void
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=790">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 975
:
778
| 790 |
1029