author | Darren Tucker <dtucker@zip.com.au> | 2003-12-31 11:43:24 +1100 |
committer | Darren Tucker <dtucker@zip.com.au> | 2003-12-31 11:43:24 +1100 |
commit | ea2870619d295b0ff6398b3115c4a4e0ac543edb (patch) | |
tree | dece7fcb87968a4bff58e7171a8a3ddf385b67cb | |
parent | 0b3b97512fc3bae1aad38ddff2222bcca5f80f0e (diff) |
- dtucker@cvs.openbsd.org 2003/12/31 00:24:50
[auth2-passwd.c]
Ignore password change request during password auth (which we currently
don't support) and discard proposed new password. corrections/ok markus@
-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | auth2-passwd.c | 20 |
2 files changed, 19 insertions, 7 deletions
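@@ -13,6 +13,10 @@
 - millert@cvs.openbsd.org 2003/12/29 16:39:50
 [sshd_config]
 KeepAlive has been obsoleted, use TCPKeepAlive instead; markus@ OK
+ - dtucker@cvs.openbsd.org 2003/12/31 00:24:50
+ [auth2-passwd.c]
+ Ignore password change request during password auth (which we currently
+ don't support) and discard proposed new password. corrections/ok markus@
 
 20031219
 - (dtucker) [defines.h] Bug #458: Define SIZE_T_MAX as UINT_MAX if we
@@ -1632,4 +1636,4 @@
 - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
 Report from murple@murple.net, diagnosis from dtucker@zip.com.au
 
-$Id: ChangeLog,v 1.3156 2003/12/31 00:38:32 dtucker Exp $
+$Id: ChangeLog,v 1.3157 2003/12/31 00:43:24 dtucker Exp $
diff --git a/auth2-passwd.c b/auth2-passwd.c
index 67fb4c92..a4f482d2 100644
--- a/auth2-passwd.c
+++ b/auth2-passwd.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth2-passwd.c,v 1.4 2003/08/26 09:58:43 markus Exp $");
+RCSID("$OpenBSD: auth2-passwd.c,v 1.5 2003/12/31 00:24:50 dtucker Exp $");
 
 #include "xmalloc.h"
 #include "packet.h"
@@ -38,16 +38,24 @@ extern ServerOptions options;
 static int
 userauth_passwd(Authctxt *authctxt)
 {
-	char *password;
+	char *password, *newpass;
 	int authenticated = 0;
 	int change;
-	u_int len;
+	u_int len, newlen;
+
 	change = packet_get_char();
-	if (change)
-		logit("password change not supported");
 	password = packet_get_string(&len);
+	if (change) {
+		/* discard new password from packet */
+		newpass = packet_get_string(&newlen);
+		memset(newpass, 0, newlen);
+		xfree(newpass);
+	}
 	packet_check_eom();
-	if (PRIVSEP(auth_password(authctxt, password)) == 1
+
+	if (change)
+		logit("password change not supported");
+	else if (PRIVSEP(auth_password(authctxt, password)) == 1
 #ifdef HAVE_CYGWIN
 	    && check_nt_auth(1, authctxt->pw)
 #endif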
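Review bot: The `memset(newpass, 0, newlen)` added just before `xfree(newpass)` is a store to memory that is never read again, so an optimizing compiler is entitled to drop it and leave the client-supplied new password sitting in freed heap memory; a scrub the optimizer cannot elide, such as `explicit_bzero(newpass, newlen)` where the platform provides it or a project wrapper that zeroes inside the free path, would make the discard reliable. Whether `password` receives the same treatment cannot be checked from here, because `userauth_passwd` continues past the end of this hunk. The comment `/* discard new password from packet */` would also help a reader more if it said why the string is read at all, e.g. `/* consume the proposed new password so packet_check_eom() sees the whole message; it is never used */`.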