From c6d2eca7dec83bfbc642117609984d8b40989de8 Mon Sep 17 00:00:00 2001 From: Jakub Jelen Date: Thu, 23 Jul 2015 11:06:11 +0200 Subject: [PATCH] only query each keyboard-interactive device once (#1245971) Upstream commit https://anongit.mindrot.org/openssh.git/commit/?id=5b64f85bb811246c59ebab70aed331f26ba37b18 --- ...h-6.9p1-authentication-limits-bypass.patch | 47 +++++++++++++++++++ openssh.spec | 3 ++ 2 files changed, 50 insertions(+) create mode 100644 openssh-6.9p1-authentication-limits-bypass.patch diff --git a/openssh-6.9p1-authentication-limits-bypass.patch b/openssh-6.9p1-authentication-limits-bypass.patch new file mode 100644 index 0000000..10bde94 --- /dev/null +++ b/openssh-6.9p1-authentication-limits-bypass.patch @@ -0,0 +1,47 @@ +From 5b64f85bb811246c59ebab70aed331f26ba37b18 Mon Sep 17 00:00:00 2001 +From: "djm@openbsd.org" +Date: Sat, 18 Jul 2015 07:57:14 +0000 +Subject: upstream commit + +only query each keyboard-interactive device once per + authentication request regardless of how many times it is listed; ok markus@ + +Upstream-ID: d73fafba6e86030436ff673656ec1f33d9ffeda1 +--- + auth2-chall.c | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +diff --git a/auth2-chall.c b/auth2-chall.c +index ddabe1a..4aff09d 100644 +--- a/auth2-chall.c ++++ b/auth2-chall.c +@@ -83,6 +83,7 @@ struct KbdintAuthctxt + void *ctxt; + KbdintDevice *device; + u_int nreq; ++ u_int devices_done; + }; + + #ifdef USE_PAM +@@ -169,11 +170,15 @@ kbdint_next_device(Authctxt *authctxt, KbdintAuthctxt *kbdintctxt) + if (len == 0) + break; + for (i = 0; devices[i]; i++) { +- if (!auth2_method_allowed(authctxt, ++ if ((kbdintctxt->devices_done & (1 << i)) != 0 || ++ !auth2_method_allowed(authctxt, + "keyboard-interactive", devices[i]->name)) + continue; +- if (strncmp(kbdintctxt->devices, devices[i]->name, len) == 0) ++ if (strncmp(kbdintctxt->devices, devices[i]->name, ++ len) == 0) { + kbdintctxt->device = devices[i]; ++ kbdintctxt->devices_done |= 1 << i; ++ } + } + t = kbdintctxt->devices; + kbdintctxt->devices = t[len] ? xstrdup(t+len+1) : NULL; +-- +cgit v0.11.2 + + diff --git a/openssh.spec b/openssh.spec index 0c95177..df0c85f 100644 --- a/openssh.spec +++ b/openssh.spec @@ -223,6 +223,8 @@ Patch926: openssh-6.7p1-sftp-force-permission.patch Patch928: openssh-6.8p1-memory-problems.patch # Restore compatible default (#89216) Patch929: openssh-6.9p1-permit-root-login.patch +# authentication limits (MaxAuthTries) bypass [security] (#1245971) +Patch930: openssh-6.9p1-authentication-limits-bypass.patch @@ -446,6 +448,7 @@ popd %patch926 -p1 -b .sftp-force-mode %patch928 -p1 -b .memory %patch929 -p1 -b .root-login +%patch930 -p1 -b .kbd %patch200 -p1 -b .audit %patch700 -p1 -b .fips