1638 – Skip the initial empty-password check

Bug 1638 - Skip the initial empty-password check

Summary: Skip the initial empty-password check

Status:	CLOSED FIXED

Alias:	None

Product:	Portable OpenSSH
Classification:	Unclassified
Component:	sshd (show other bugs)
Version:	5.2p1
Hardware:	Other Linux

Importance:	P2 normal
Assignee:	Assigned to nobody

URL:
Keywords:

Depends on:
Blocks:	V_5_6
	Show dependency tree / graph

Reported:	2009-08-31 18:04 AEST by jchadima
Modified:	2011-01-24 12:33 AEDT (History)
CC List:	2 users (show)

See Also:

Attachments
Patch solving the problem (1.10 KB, patch) 2009-08-31 18:05 AEST, jchadima	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description jchadima 2009-08-31 18:04:42 AEST

Skip the initial empty-password check if permit_empty_passwd is disabled. This doesn't change the timing profiles of the host because the additional condition check which can short-circuit the call to pam_authenticate() has no dependency on the identity of the user who is being authenticated.

Comment 1 jchadima 2009-08-31 18:05:59 AEST

Created attachment 1684 [details]
Patch solving the problem

Comment 2 Darren Tucker 2009-10-23 11:06:31 AEDT

Seems reasonable, adding to the list for 5.4

Comment 3 Damien Miller 2010-06-25 21:20:03 AEST

Patch applied - thanks.

Comment 4 Damien Miller 2011-01-24 12:33:34 AEDT

Move resolved bugs to CLOSED after 5.7 release