diff options
| author | Damien Miller <djm@cvs.openbsd.org> | 2023-08-16 16:14:12 +0000 |
|---|---|---|
| committer | Damien Miller <djm@cvs.openbsd.org> | 2023-08-16 16:14:12 +0000 |
| commit | 3512e5f0288cf11a5a332e915a87d060ac56f483 (patch) | |
| tree | 4885dd72bca439f5c9856eb98481f228b8217c0f /usr.bin | |
| parent | 116dc36a49f98d7259a9ceed5108dccd223ff409 (diff) | |
defence-in-depth MaxAuthTries check in monitor; ok markus
Diffstat (limited to 'usr.bin')
| -rw-r--r-- | usr.bin/ssh/monitor.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/usr.bin/ssh/monitor.c b/usr.bin/ssh/monitor.c index ca1d34eb5bf..8746a8e2cf8 100644 --- a/usr.bin/ssh/monitor.c +++ b/usr.bin/ssh/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.236 2023/05/10 10:04:20 dtucker Exp $ */ +/* $OpenBSD: monitor.c,v 1.237 2023/08/16 16:14:11 djm Exp $ */ /* * Copyright 2002 Niels Provos <provos@citi.umich.edu> * Copyright 2002 Markus Friedl <markus@openbsd.org> @@ -279,6 +279,11 @@ monitor_child_preauth(struct ssh *ssh, struct monitor *pmonitor) auth_method, auth_submethod); } } + if (authctxt->failures > options.max_authtries) { + /* Shouldn't happen */ + fatal_f("privsep child made too many authentication " + "attempts"); + } } if (!authctxt->valid) |