Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 407558 Details for
Bug 555518
<net-misc/openssh-7.1_p1-r2: MaxAuthTries bypass attack Vulnerability (CVE-2015-5600)
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
openssl-6_9p1_kbd-interactive.diff
openssl-6_9p1_kbd-interactive.diff (text/plain), 1.32 KB, created by
kfm
on 2015-07-24 23:36:14 UTC
(
hide
)
Description:
openssl-6_9p1_kbd-interactive.diff
Filename:
MIME Type:
Creator:
kfm
Created:
2015-07-24 23:36:14 UTC
Size:
1.32 KB
patch
obsolete
>From 5b64f85bb811246c59ebab70aed331f26ba37b18 Mon Sep 17 00:00:00 2001 >From: "djm () openbsd org" <djm () openbsd org> >Date: Sat, 18 Jul 2015 07:57:14 +0000 >Subject: [PATCH] upstream commit > >Query each keyboard-interactive device only once per authentication >request regardless of how many times it is listed; ok markus@ > >Upstream-ID: d73fafba6e86030436ff673656ec1f33d9ffeda1 >Reference-ID: 701a201481b751df5ed85b68de259637 > >--- > auth2-chall.c | 11 +++++++-- > 1 file changed, 7 insertions(+), 2 deletions(-) > >--- a/auth2-chall.c >+++ b/auth2-chall.c >@@ -83,6 +83,7 @@ struct KbdintAuthctxt > void *ctxt; > KbdintDevice *device; > u_int nreq; >+ u_int devices_done; > }; > > #ifdef USE_PAM >@@ -169,11 +170,15 @@ kbdint_next_device(Authctxt *authctxt, KbdintAuthctxt *kbdintctxt) > if (len == 0) > break; > for (i = 0; devices[i]; i++) { >- if (!auth2_method_allowed(authctxt, >+ if ((kbdintctxt->devices_done & (1 << i)) != 0 || >+ !auth2_method_allowed(authctxt, > "keyboard-interactive", devices[i]->name)) > continue; >- if (strncmp(kbdintctxt->devices, devices[i]->name, len) == 0) >+ if (strncmp(kbdintctxt->devices, devices[i]->name, >+ len) == 0) { > kbdintctxt->device = devices[i]; >+ kbdintctxt->devices_done |= 1 << i; >+ } > } > t = kbdintctxt->devices; > kbdintctxt->devices = t[len] ? xstrdup(t+len+1) : NULL;
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 555518
: 407558