Bugzilla – Attachment 3249 Details for Bug 2975 CVE-2018-15919
[patch] Patch for "user enumeration via auth2-gss.c"
CVE-2018-15919.patch (text/plain), 1.47 KB, created by Jason Sikes on 2019-03-05 11:03:28 AEDT
>diff --git a/auth2-gss.c b/auth2-gss.c >index 9351e042..d1fd4249 100644 >--- a/auth2-gss.c >+++ b/auth2-gss.c >@@ -103,12 +103,6 @@ userauth_gssapi(struct ssh *ssh) > return (0); > } > >- if (!authctxt->valid || authctxt->user == NULL) { >- debug2("%s: disabled because of invalid user", __func__); >- free(doid); >- return (0); >- } >- > if (GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctxt, &goid)))) { > if (ctxt != NULL) > ssh_gssapi_delete_ctx(&ctxt); >diff --git a/auth2.c b/auth2.c >index e43350c3..b6d8c3fa 100644 >--- a/auth2.c >+++ b/auth2.c >@@ -268,6 +268,7 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh) > char *user = NULL, *service = NULL, *method = NULL, *style = NULL; > int r, authenticated = 0; > double tstart = monotime_double(); >+ int was_postponed = authctxt->postponed; > > if (authctxt == NULL) > fatal("input_userauth_request: no authctxt"); >@@ -337,6 +338,8 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh) > if (m != NULL && authctxt->failures < options.max_authtries) { > debug2("input_userauth_request: try method %s", method); > authenticated = m->userauth(ssh); >+ if (!authenticated && was_postponed) >+ authctxt->failures++; > } > if (!authctxt->authenticated) > ensure_minimum_time_since(tstart,
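Review bot: In the auth2-gss.c hunk (@@ -103,12 +103,6), dropping the `!authctxt->valid || authctxt->user == NULL` early return means an invalid or NULL user now reaches `ssh_gssapi_server_ctx()` and everything after it in `userauth_gssapi()`, and nothing visible in this hunk shows where such a user is finally refused. Please confirm that no later step in the GSSAPI exchange dereferences `authctxt->user` without a NULL check and that the final authorization decision still fails when `authctxt->valid` is 0. A short comment at the old location saying that invalid users deliberately continue, so the server's response does not differ from that for a valid user, would keep someone from reinstating the check later.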
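Review bot: In the first auth2.c hunk (@@ -268,6 +268,7), `int was_postponed = authctxt->postponed;` dereferences `authctxt` in the declarations, ahead of the `if (authctxt == NULL) fatal("input_userauth_request: no authctxt");` check that follows it, so the NULL case would fault before the check can report it. Declare `int was_postponed;` with the other locals and assign it after the NULL check.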
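Review bot: In the second auth2.c hunk (@@ -337,6 +338,8), the new `if (!authenticated && was_postponed) authctxt->failures++;` only looks at the postponed state captured on entry, not at the state after `m->userauth(ssh)` returns. If a method can return 0 while postponing again for another round of its exchange, that in-progress request is counted as a failure against `options.max_authtries`; consider also requiring `!authctxt->postponed` here. The hunk also does not show where failures are normally counted, so please check this cannot increment twice for the same request, and add a comment explaining why a request that resumes a postponed exchange needs its own accounting.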