From acd6a1ca8a332a204b616ab6bef413bee5d3409d Mon Sep 17 00:00:00 2001 From: Anderson Toshiyuki Sasaki Date: Wed, 19 Sep 2018 15:55:43 +0200 Subject: CVE-2018-10933: Introduce SSH_AUTH_STATE_AUTH_NONE_SENT The introduced auth state allows to identify when a request without authentication information was sent. Fixes T101 Signed-off-by: Anderson Toshiyuki Sasaki --- include/libssh/auth.h | 2 ++ src/auth.c | 4 +++- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/include/libssh/auth.h b/include/libssh/auth.h index 1fc00e20..75bc7546 100644 --- a/include/libssh/auth.h +++ b/include/libssh/auth.h @@ -96,6 +96,8 @@ enum ssh_auth_state_e { SSH_AUTH_STATE_PUBKEY_AUTH_SENT, /** We have sent a password expecting to be authenticated */ SSH_AUTH_STATE_PASSWORD_AUTH_SENT, + /** We have sent a request without auth information (method 'none') */ + SSH_AUTH_STATE_AUTH_NONE_SENT, }; /** @internal diff --git a/src/auth.c b/src/auth.c index 3719b18a..2bc73760 100755 --- a/src/auth.c +++ b/src/auth.c @@ -88,6 +88,7 @@ static int ssh_auth_response_termination(void *user){ case SSH_AUTH_STATE_PUBKEY_AUTH_SENT: case SSH_AUTH_STATE_PUBKEY_OFFER_SENT: case SSH_AUTH_STATE_PASSWORD_AUTH_SENT: + case SSH_AUTH_STATE_AUTH_NONE_SENT: return 0; default: return 1; @@ -143,6 +144,7 @@ static int ssh_userauth_get_response(ssh_session session) { case SSH_AUTH_STATE_PUBKEY_OFFER_SENT: case SSH_AUTH_STATE_PUBKEY_AUTH_SENT: case SSH_AUTH_STATE_PASSWORD_AUTH_SENT: + case SSH_AUTH_STATE_AUTH_NONE_SENT: case SSH_AUTH_STATE_NONE: /* not reached */ rc = SSH_AUTH_ERROR; @@ -401,7 +403,7 @@ int ssh_userauth_none(ssh_session session, const char *username) { goto fail; } - session->auth_state = SSH_AUTH_STATE_NONE; + session->auth_state = SSH_AUTH_STATE_AUTH_NONE_SENT; session->pending_call_state = SSH_PENDING_CALL_AUTH_NONE; rc = packet_send(session); if (rc == SSH_ERROR) { -- cgit v1.2.3