Bug 1638

Summary:

Skip the initial empty-password check

Product:

Portable OpenSSH

Reporter:

jchadima

Component:

sshd

Assignee:

Assigned to nobody <unassigned-bugs>

Status:

CLOSED FIXED

Severity:

normal

CC:

djm, dtucker

Priority:

Version:

5.2p1

Hardware:

Other

OS:

Linux

Bug Depends on:

Bug Blocks:

1708

Attachments:

Description	Flags
Patch solving the problem	none

Description jchadima 2009-08-31 18:04:42 AEST

Skip the initial empty-password check if permit_empty_passwd is disabled. This doesn't change the timing profiles of the host because the additional condition check which can short-circuit the call to pam_authenticate() has no dependency on the identity of the user who is being authenticated.

Comment 1 jchadima 2009-08-31 18:05:59 AEST

Created attachment 1684 [details]
Patch solving the problem

Comment 2 Darren Tucker 2009-10-23 11:06:31 AEDT

Seems reasonable, adding to the list for 5.4

Comment 3 Damien Miller 2010-06-25 21:20:03 AEST

Patch applied - thanks.

Comment 4 Damien Miller 2011-01-24 12:33:34 AEDT

Move resolved bugs to CLOSED after 5.7 release