diff options
author | Anderson Toshiyuki Sasaki <ansasaki@redhat.com> | 2018-09-10 17:38:22 +0200 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2018-10-16 09:19:40 +0200 |
commit | fcfba0d8aa15a0142e57513f271eb7fa4bbabc9a (patch) | |
tree | 4b87647845c7869c366a4e96d3c0b8a44dd87b0e | |
parent | b166ac4749c78f475b1708f0345e6ca2749c5d6d (diff) | |
download | libssh-fcfba0d8aa15a0142e57513f271eb7fa4bbabc9a.tar.gz libssh-fcfba0d8aa15a0142e57513f271eb7fa4bbabc9a.tar.xz libssh-fcfba0d8aa15a0142e57513f271eb7fa4bbabc9a.zip |
CVE-2018-10933: Introduce SSH_AUTH_STATE_PASSWORD_AUTH_SENT
The introduced auth state allows to identify when authentication using
password was tried.
Fixes T101
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
-rw-r--r-- | include/libssh/auth.h | 2 | ||||
-rw-r--r-- | src/auth.c | 4 |
2 files changed, 5 insertions, 1 deletions
diff --git a/include/libssh/auth.h b/include/libssh/auth.h index 8daab47d..899282c1 100644 --- a/include/libssh/auth.h +++ b/include/libssh/auth.h @@ -80,6 +80,8 @@ enum ssh_auth_state_e { SSH_AUTH_STATE_PUBKEY_OFFER_SENT, /** We have sent pubkey and signature expecting to be authenticated */ SSH_AUTH_STATE_PUBKEY_AUTH_SENT, + /** We have sent a password expecting to be authenticated */ + SSH_AUTH_STATE_PASSWORD_AUTH_SENT, }; /** @internal @@ -87,6 +87,7 @@ static int ssh_auth_response_termination(void *user) { case SSH_AUTH_STATE_GSSAPI_MIC_SENT: case SSH_AUTH_STATE_PUBKEY_AUTH_SENT: case SSH_AUTH_STATE_PUBKEY_OFFER_SENT: + case SSH_AUTH_STATE_PASSWORD_AUTH_SENT: return 0; default: return 1; @@ -171,6 +172,7 @@ static int ssh_userauth_get_response(ssh_session session) { case SSH_AUTH_STATE_GSSAPI_MIC_SENT: case SSH_AUTH_STATE_PUBKEY_OFFER_SENT: case SSH_AUTH_STATE_PUBKEY_AUTH_SENT: + case SSH_AUTH_STATE_PASSWORD_AUTH_SENT: case SSH_AUTH_STATE_NONE: /* not reached */ rc = SSH_AUTH_ERROR; @@ -1268,7 +1270,7 @@ int ssh_userauth_password(ssh_session session, } session->auth.current_method = SSH_AUTH_METHOD_PASSWORD; - session->auth.state = SSH_AUTH_STATE_NONE; + session->auth.state = SSH_AUTH_STATE_PASSWORD_AUTH_SENT; session->pending_call_state = SSH_PENDING_CALL_AUTH_PASSWORD; rc = ssh_packet_send(session); if (rc == SSH_ERROR) { |