diff options
author | Anderson Toshiyuki Sasaki <ansasaki@redhat.com> | 2018-09-19 17:01:15 +0200 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2018-10-16 09:19:40 +0200 |
commit | 7819621fc2a07d2d4649b36ca77850610741cfec (patch) | |
tree | 11bb7c99ccbe852b3277b8c6d7ab105659f3bf2f | |
parent | fcfba0d8aa15a0142e57513f271eb7fa4bbabc9a (diff) | |
download | libssh-7819621fc2a07d2d4649b36ca77850610741cfec.tar.gz libssh-7819621fc2a07d2d4649b36ca77850610741cfec.tar.xz libssh-7819621fc2a07d2d4649b36ca77850610741cfec.zip |
CVE-2018-10933: Introduce SSH_AUTH_STATE_AUTH_NONE_SENT
The introduced auth state allows to identify when a request without
authentication information was sent.
Fixes T101
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
-rw-r--r-- | include/libssh/auth.h | 2 | ||||
-rw-r--r-- | src/auth.c | 4 |
2 files changed, 5 insertions, 1 deletions
diff --git a/include/libssh/auth.h b/include/libssh/auth.h index 899282c1..90b377d4 100644 --- a/include/libssh/auth.h +++ b/include/libssh/auth.h @@ -82,6 +82,8 @@ enum ssh_auth_state_e { SSH_AUTH_STATE_PUBKEY_AUTH_SENT, /** We have sent a password expecting to be authenticated */ SSH_AUTH_STATE_PASSWORD_AUTH_SENT, + /** We have sent a request without auth information (method 'none') */ + SSH_AUTH_STATE_AUTH_NONE_SENT, }; /** @internal @@ -88,6 +88,7 @@ static int ssh_auth_response_termination(void *user) { case SSH_AUTH_STATE_PUBKEY_AUTH_SENT: case SSH_AUTH_STATE_PUBKEY_OFFER_SENT: case SSH_AUTH_STATE_PASSWORD_AUTH_SENT: + case SSH_AUTH_STATE_AUTH_NONE_SENT: return 0; default: return 1; @@ -173,6 +174,7 @@ static int ssh_userauth_get_response(ssh_session session) { case SSH_AUTH_STATE_PUBKEY_OFFER_SENT: case SSH_AUTH_STATE_PUBKEY_AUTH_SENT: case SSH_AUTH_STATE_PASSWORD_AUTH_SENT: + case SSH_AUTH_STATE_AUTH_NONE_SENT: case SSH_AUTH_STATE_NONE: /* not reached */ rc = SSH_AUTH_ERROR; @@ -428,7 +430,7 @@ int ssh_userauth_none(ssh_session session, const char *username) { } session->auth.current_method = SSH_AUTH_METHOD_NONE; - session->auth.state = SSH_AUTH_STATE_NONE; + session->auth.state = SSH_AUTH_STATE_AUTH_NONE_SENT; session->pending_call_state = SSH_PENDING_CALL_AUTH_NONE; rc = ssh_packet_send(session); if (rc == SSH_ERROR) { |