aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAnderson Toshiyuki Sasaki <ansasaki@redhat.com>2018-09-19 14:12:56 +0200
committerAndreas Schneider <asn@cryptomilk.org>2018-10-09 11:45:58 +0200
commitddea46f890bd5d87669f23b26d676adedaa5f610 (patch)
tree640e2902ea628287529c16140dd1028804a998ec
parente5f0e711b05c2ec4c2d016a6abaedae2959ddba2 (diff)
downloadlibssh-ddea46f890bd5d87669f23b26d676adedaa5f610.tar.gz
libssh-ddea46f890bd5d87669f23b26d676adedaa5f610.tar.xz
libssh-ddea46f890bd5d87669f23b26d676adedaa5f610.zip
CVE-2018-10933: Introduce SSH_AUTH_STATE_PASSWORD_AUTH_SENT
The introduced auth state allows to identify when authentication using password was tried. Fixes T101 Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
-rw-r--r--include/libssh/auth.h2
-rwxr-xr-xsrc/auth.c4
2 files changed, 5 insertions, 1 deletions
diff --git a/include/libssh/auth.h b/include/libssh/auth.h
index 05754460..1fc00e20 100644
--- a/include/libssh/auth.h
+++ b/include/libssh/auth.h
@@ -94,6 +94,8 @@ enum ssh_auth_state_e {
SSH_AUTH_STATE_PUBKEY_OFFER_SENT,
/** We have sent pubkey and signature expecting to be authenticated */
SSH_AUTH_STATE_PUBKEY_AUTH_SENT,
+ /** We have sent a password expecting to be authenticated */
+ SSH_AUTH_STATE_PASSWORD_AUTH_SENT,
};
/** @internal
diff --git a/src/auth.c b/src/auth.c
index 964e82a6..3719b18a 100755
--- a/src/auth.c
+++ b/src/auth.c
@@ -87,6 +87,7 @@ static int ssh_auth_response_termination(void *user){
case SSH_AUTH_STATE_GSSAPI_MIC_SENT:
case SSH_AUTH_STATE_PUBKEY_AUTH_SENT:
case SSH_AUTH_STATE_PUBKEY_OFFER_SENT:
+ case SSH_AUTH_STATE_PASSWORD_AUTH_SENT:
return 0;
default:
return 1;
@@ -141,6 +142,7 @@ static int ssh_userauth_get_response(ssh_session session) {
case SSH_AUTH_STATE_GSSAPI_MIC_SENT:
case SSH_AUTH_STATE_PUBKEY_OFFER_SENT:
case SSH_AUTH_STATE_PUBKEY_AUTH_SENT:
+ case SSH_AUTH_STATE_PASSWORD_AUTH_SENT:
case SSH_AUTH_STATE_NONE:
/* not reached */
rc = SSH_AUTH_ERROR;
@@ -1173,7 +1175,7 @@ int ssh_userauth_password(ssh_session session,
goto fail;
}
- session->auth_state = SSH_AUTH_STATE_NONE;
+ session->auth_state = SSH_AUTH_STATE_PASSWORD_AUTH_SENT;
session->pending_call_state = SSH_PENDING_CALL_AUTH_OFFER_PUBKEY;
rc = packet_send(session);
if (rc == SSH_ERROR) {