Bugzilla – Attachment 765 Details for Bug 971: keyboard-interactive/pam leaks info about user existence
Make kbdint code call driver even for non-existent users
openbsd-sshd-kbdint-leak.patch (text/plain), 977 bytes, created by Darren Tucker on 2005-01-11 18:08:05 AEDT
>Index: auth2-chall.c >=================================================================== >RCS file: /cvs/src/usr.bin/ssh/auth2-chall.c,v >retrieving revision 1.21 >diff -u -p -r1.21 auth2-chall.c >--- auth2-chall.c 1 Jun 2004 14:20:45 -0000 1.21 >+++ auth2-chall.c 6 Jul 2004 12:13:10 -0000 >@@ -268,12 +268,9 @@ input_userauth_info_response(int type, u > } > packet_check_eom(); > >- if (authctxt->valid) { >- res = kbdintctxt->device->respond(kbdintctxt->ctxt, >- nresp, response); >- } else { >- res = -1; >- } >+ res = kbdintctxt->device->respond(kbdintctxt->ctxt, nresp, response); >+ if (!authctxt->valid) >+ res = 1; /* keep going if login invalid */ > > for (i = 0; i < nresp; i++) { > memset(response[i], 'r', strlen(response[i])); >@@ -285,7 +282,7 @@ input_userauth_info_response(int type, u > switch (res) { > case 0: > /* Success! */ >- authenticated = 1; >+ authenticated = authctxt->valid ? 1 : 0; > break; > case 1: > /* Authentication needs further interaction */
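Review bot: In the first hunk (@@ -268,12 +268,9), the new "if (!authctxt->valid) res = 1;" discards whatever respond() returned, so an invalid user is always sent down the "needs further interaction" path, while a valid user whose respond() call returns any other value is not; that difference in what the server does next may itself be observable to the client. Consider letting the driver's return value stand for the non-success cases and blocking only success for invalid users, which the second hunk already does. It is also worth confirming, since the hunk does not show it, that kbdintctxt->ctxt is always set up for an invalid user now that respond() is called unconditionally.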
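Review bot: In the second hunk (@@ -285,7 +282,7), the "case 0:" assignment "authenticated = authctxt->valid ? 1 : 0;" can never see an invalid user as the patch stands, because the first hunk forces res to 1 whenever authctxt->valid is false. If it is meant as a backstop, say so in a comment beside "/* Success! */"; otherwise one of the two checks is redundant and the patch should keep only the one it relies on.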