aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAnderson Toshiyuki Sasaki <ansasaki@redhat.com>2018-09-19 17:01:15 +0200
committerAndreas Schneider <asn@cryptomilk.org>2018-10-16 09:19:40 +0200
commit7819621fc2a07d2d4649b36ca77850610741cfec (patch)
tree11bb7c99ccbe852b3277b8c6d7ab105659f3bf2f
parentfcfba0d8aa15a0142e57513f271eb7fa4bbabc9a (diff)
downloadlibssh-7819621fc2a07d2d4649b36ca77850610741cfec.tar.gz
libssh-7819621fc2a07d2d4649b36ca77850610741cfec.tar.xz
libssh-7819621fc2a07d2d4649b36ca77850610741cfec.zip
CVE-2018-10933: Introduce SSH_AUTH_STATE_AUTH_NONE_SENT
The introduced auth state allows to identify when a request without authentication information was sent. Fixes T101 Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
-rw-r--r--include/libssh/auth.h2
-rw-r--r--src/auth.c4
2 files changed, 5 insertions, 1 deletions
diff --git a/include/libssh/auth.h b/include/libssh/auth.h
index 899282c1..90b377d4 100644
--- a/include/libssh/auth.h
+++ b/include/libssh/auth.h
@@ -82,6 +82,8 @@ enum ssh_auth_state_e {
SSH_AUTH_STATE_PUBKEY_AUTH_SENT,
/** We have sent a password expecting to be authenticated */
SSH_AUTH_STATE_PASSWORD_AUTH_SENT,
+ /** We have sent a request without auth information (method 'none') */
+ SSH_AUTH_STATE_AUTH_NONE_SENT,
};
/** @internal
diff --git a/src/auth.c b/src/auth.c
index 2b06d2e1..993e6dfe 100644
--- a/src/auth.c
+++ b/src/auth.c
@@ -88,6 +88,7 @@ static int ssh_auth_response_termination(void *user) {
case SSH_AUTH_STATE_PUBKEY_AUTH_SENT:
case SSH_AUTH_STATE_PUBKEY_OFFER_SENT:
case SSH_AUTH_STATE_PASSWORD_AUTH_SENT:
+ case SSH_AUTH_STATE_AUTH_NONE_SENT:
return 0;
default:
return 1;
@@ -173,6 +174,7 @@ static int ssh_userauth_get_response(ssh_session session) {
case SSH_AUTH_STATE_PUBKEY_OFFER_SENT:
case SSH_AUTH_STATE_PUBKEY_AUTH_SENT:
case SSH_AUTH_STATE_PASSWORD_AUTH_SENT:
+ case SSH_AUTH_STATE_AUTH_NONE_SENT:
case SSH_AUTH_STATE_NONE:
/* not reached */
rc = SSH_AUTH_ERROR;
@@ -428,7 +430,7 @@ int ssh_userauth_none(ssh_session session, const char *username) {
}
session->auth.current_method = SSH_AUTH_METHOD_NONE;
- session->auth.state = SSH_AUTH_STATE_NONE;
+ session->auth.state = SSH_AUTH_STATE_AUTH_NONE_SENT;
session->pending_call_state = SSH_PENDING_CALL_AUTH_NONE;
rc = ssh_packet_send(session);
if (rc == SSH_ERROR) {