authorDamien Miller <djm@cvs.openbsd.org>2022-02-23 11:18:14 +0000
committerDamien Miller <djm@cvs.openbsd.org>2022-02-23 11:18:14 +0000
commit042eaff7411d3225c03151edeb8bed97140400e7 (patch)
tree7fc591c33a871f7cad9201e84ffe3b8d102bd657 /usr.bin/ssh/auth2.c
parent5ef95a465e807fe45fe7fcc4b73f5373208d693c (diff)
avoid integer overflow of auth attempts (harmless, caught by monitor)
Diffstat (limited to 'usr.bin/ssh/auth2.c')
-rw-r--r--usr.bin/ssh/auth2.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/usr.bin/ssh/auth2.c b/usr.bin/ssh/auth2.c
index ba7b3573d75..706934a6a9c 100644
--- a/usr.bin/ssh/auth2.c
+++ b/usr.bin/ssh/auth2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2.c,v 1.163 2021/12/26 23:34:41 djm Exp $ */
+/* $OpenBSD: auth2.c,v 1.164 2022/02/23 11:18:13 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -269,6 +269,8 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh)
if ((style = strchr(user, ':')) != NULL)
*style++ = 0;
+ if (authctxt->attempt >= 1024)
+ auth_maxtries_exceeded(ssh);
if (authctxt->attempt++ == 0) {
/* setup auth context */
authctxt->pw = PRIVSEP(getpwnamallow(ssh, user));
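Review bot: The new guard `if (authctxt->attempt >= 1024)` uses a bare literal and carries no comment, so a reader cannot tell how this cap relates to the configured attempt limit or why it must sit ahead of the `attempt++` on the following line. A named constant in place of 1024 and a one-line comment such as `/* hard cap: stop before attempt++ can overflow the counter */` would record the intent. The guard only protects the increment if auth_maxtries_exceeded() never returns, which is not visible in this hunk; if that is the contract, the comment should say so. input_userauth_request() begins and ends outside the hunk.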
@@ -276,6 +278,7 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh)
authctxt->valid = 1;
debug2_f("setting up authctxt for %s", user);
} else {
+ authctxt->valid = 0;
/* Invalid user, fake password information */
authctxt->pw = fakepw();
}
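Review bot: The added `authctxt->valid = 0;` sits above the existing comment that describes this branch and has no explanation of its own, and the commit message does not mention it. Presumably it makes the invalid-user state explicit instead of relying on how authctxt was initialised, which matters because later code is likely to trust this flag. Moving the comment above the assignment and extending it, for example `/* Invalid user: clear valid explicitly, then fake password information */`, would document that. The enclosing if/else starts outside the hunk.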