upstream: delay bailout for invalid authentic
=?UTF-8?q?ating=20user=20until=20after=20the=20packet=20containing=20the?= =?UTF-8?q?=20request=20has=20been=20fully=20parsed.=20Reported=20by=20Dar?= =?UTF-8?q?iusz=20Tytko=20and=20Micha=C5=82=20Sajdak;=20ok=20deraadt?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit OpenBSD-Commit-ID: b4891882fbe413f230fe8ac8a37349b03bd0b70d
This commit is contained in:
djm@openbsd.org
Damien Miller
parent
1a66079c06
commit
74287f5df9
11
auth2-gss.c
11
auth2-gss.c
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: auth2-gss.c,v 1.28 2018/07/10 09:13:30 djm Exp $ */
|
||||
/* $OpenBSD: auth2-gss.c,v 1.29 2018/07/31 03:10:27 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
|
||||
|
|
@ -70,9 +70,6 @@ userauth_gssapi(struct ssh *ssh)
|
|||
size_t len;
|
||||
u_char *doid = NULL;
|
||||
|
||||
if (!authctxt->valid || authctxt->user == NULL)
|
||||
return (0);
|
||||
|
||||
if ((r = sshpkt_get_u32(ssh, &mechs)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
|
||||
|
|
@ -106,6 +103,12 @@ userauth_gssapi(struct ssh *ssh)
|
|||
return (0);
|
||||
}
|
||||
|
||||
if (!authctxt->valid || authctxt->user == NULL) {
|
||||
debug2("%s: disabled because of invalid user", __func__);
|
||||
free(doid);
|
||||
return (0);
|
||||
}
|
||||
|
||||
if (GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctxt, &goid)))) {
|
||||
if (ctxt != NULL)
|
||||
ssh_gssapi_delete_ctx(&ctxt);
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: auth2-hostbased.c,v 1.35 2018/07/09 21:35:50 markus Exp $ */
|
||||
/* $OpenBSD: auth2-hostbased.c,v 1.36 2018/07/31 03:10:27 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
|
@ -67,10 +67,6 @@ userauth_hostbased(struct ssh *ssh)
|
|||
size_t alen, blen, slen;
|
||||
int r, pktype, authenticated = 0;
|
||||
|
||||
if (!authctxt->valid) {
|
||||
debug2("%s: disabled because of invalid user", __func__);
|
||||
return 0;
|
||||
}
|
||||
/* XXX use sshkey_froms() */
|
||||
if ((r = sshpkt_get_cstring(ssh, &pkalg, &alen)) != 0 ||
|
||||
(r = sshpkt_get_string(ssh, &pkblob, &blen)) != 0 ||
|
||||
|
|
@ -117,6 +113,11 @@ userauth_hostbased(struct ssh *ssh)
|
|||
goto done;
|
||||
}
|
||||
|
||||
if (!authctxt->valid || authctxt->user == NULL) {
|
||||
debug2("%s: disabled because of invalid user", __func__);
|
||||
goto done;
|
||||
}
|
||||
|
||||
if ((b = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
/* reconstruct packet */
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: auth2-pubkey.c,v 1.82 2018/07/11 18:55:11 markus Exp $ */
|
||||
/* $OpenBSD: auth2-pubkey.c,v 1.83 2018/07/31 03:10:27 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
|
@ -89,19 +89,15 @@ userauth_pubkey(struct ssh *ssh)
|
|||
{
|
||||
Authctxt *authctxt = ssh->authctxt;
|
||||
struct passwd *pw = authctxt->pw;
|
||||
struct sshbuf *b;
|
||||
struct sshbuf *b = NULL;
|
||||
struct sshkey *key = NULL;
|
||||
char *pkalg, *userstyle = NULL, *key_s = NULL, *ca_s = NULL;
|
||||
u_char *pkblob, *sig, have_sig;
|
||||
char *pkalg = NULL, *userstyle = NULL, *key_s = NULL, *ca_s = NULL;
|
||||
u_char *pkblob = NULL, *sig = NULL, have_sig;
|
||||
size_t blen, slen;
|
||||
int r, pktype;
|
||||
int authenticated = 0;
|
||||
struct sshauthopt *authopts = NULL;
|
||||
|
||||
if (!authctxt->valid) {
|
||||
debug2("%s: disabled because of invalid user", __func__);
|
||||
return 0;
|
||||
}
|
||||
if ((r = sshpkt_get_u8(ssh, &have_sig)) != 0 ||
|
||||
(r = sshpkt_get_cstring(ssh, &pkalg, NULL)) != 0 ||
|
||||
(r = sshpkt_get_string(ssh, &pkblob, &blen)) != 0)
|
||||
|
|
@ -167,6 +163,11 @@ userauth_pubkey(struct ssh *ssh)
|
|||
fatal("%s: sshbuf_put_string session id: %s",
|
||||
__func__, ssh_err(r));
|
||||
}
|
||||
if (!authctxt->valid || authctxt->user == NULL) {
|
||||
debug2("%s: disabled because of invalid user",
|
||||
__func__);
|
||||
goto done;
|
||||
}
|
||||
/* reconstruct packet */
|
||||
xasprintf(&userstyle, "%s%s%s", authctxt->user,
|
||||
authctxt->style ? ":" : "",
|
||||
|
|
@ -183,7 +184,6 @@ userauth_pubkey(struct ssh *ssh)
|
|||
#ifdef DEBUG_PK
|
||||
sshbuf_dump(b, stderr);
|
||||
#endif
|
||||
|
||||
/* test for correct signature */
|
||||
authenticated = 0;
|
||||
if (PRIVSEP(user_key_allowed(ssh, pw, key, 1, &authopts)) &&
|
||||
|
|
@ -194,7 +194,6 @@ userauth_pubkey(struct ssh *ssh)
|
|||
authenticated = 1;
|
||||
}
|
||||
sshbuf_free(b);
|
||||
free(sig);
|
||||
auth2_record_key(authctxt, authenticated, key);
|
||||
} else {
|
||||
debug("%s: test pkalg %s pkblob %s%s%s",
|
||||
|
|
@ -205,6 +204,11 @@ userauth_pubkey(struct ssh *ssh)
|
|||
if ((r = sshpkt_get_end(ssh)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
|
||||
if (!authctxt->valid || authctxt->user == NULL) {
|
||||
debug2("%s: disabled because of invalid user",
|
||||
__func__);
|
||||
goto done;
|
||||
}
|
||||
/* XXX fake reply and always send PK_OK ? */
|
||||
/*
|
||||
* XXX this allows testing whether a user is allowed
|
||||
|
|
@ -238,6 +242,7 @@ done:
|
|||
free(pkblob);
|
||||
free(key_s);
|
||||
free(ca_s);
|
||||
free(sig);
|
||||
return authenticated;
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue