diff options
author | Darren Tucker <dtucker@zip.com.au> | 2009-10-24 11:47:58 +1100 |
---|---|---|
committer | Darren Tucker <dtucker@zip.com.au> | 2009-10-24 11:47:58 +1100 |
commit | 2f29a8caba867a2b0c32772de705657de726dcca (patch) | |
tree | e887e2c756a32dc65948ba5ac41624b1bd3c1a1c /sshconnect2.c | |
parent | dfb9b716500f777563a8f6f36072210fea167530 (diff) |
- djm@cvs.openbsd.org 2009/10/23 01:57:11
[sshconnect2.c]
disallow a hostile server from checking jpake auth by sending an
out-of-sequence success message. (doesn't affect code enabled by default)
Diffstat (limited to 'sshconnect2.c')
-rw-r--r-- | sshconnect2.c | 21 |
1 files changed, 20 insertions, 1 deletions
diff --git a/sshconnect2.c b/sshconnect2.c index 260c6307..1e0e9d5e 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.171 2009/03/05 07:18:19 djm Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.172 2009/10/23 01:57:11 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. @@ -210,6 +210,7 @@ struct Authmethod { }; void input_userauth_success(int, u_int32_t, void *); +void input_userauth_success_unexpected(int, u_int32_t, void *); void input_userauth_failure(int, u_int32_t, void *); void input_userauth_banner(int, u_int32_t, void *); void input_userauth_error(int, u_int32_t, void *); @@ -427,12 +428,15 @@ void input_userauth_success(int type, u_int32_t seq, void *ctxt) { Authctxt *authctxt = ctxt; + if (authctxt == NULL) fatal("input_userauth_success: no authentication context"); if (authctxt->authlist) { xfree(authctxt->authlist); authctxt->authlist = NULL; } + if (authctxt->method != NULL && authctxt->method->cleanup != NULL) + authctxt->method->cleanup(authctxt); if (authctxt->methoddata) { xfree(authctxt->methoddata); authctxt->methoddata = NULL; @@ -440,6 +444,18 @@ input_userauth_success(int type, u_int32_t seq, void *ctxt) authctxt->success = 1; /* break out */ } +void +input_userauth_success_unexpected(int type, u_int32_t seq, void *ctxt) +{ + Authctxt *authctxt = ctxt; + + if (authctxt == NULL) + fatal("%s: no authentication context", __func__); + + fatal("Unexpected authentication success during %s.", + authctxt->method->name); +} + /* ARGSUSED */ void input_userauth_failure(int type, u_int32_t seq, void *ctxt) @@ -1709,6 +1725,8 @@ userauth_jpake(Authctxt *authctxt) /* Expect step 1 packet from peer */ dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP1, input_userauth_jpake_server_step1); + dispatch_set(SSH2_MSG_USERAUTH_SUCCESS, + &input_userauth_success_unexpected); return 1; } @@ -1721,6 +1739,7 @@ userauth_jpake_cleanup(Authctxt *authctxt) jpake_free(authctxt->methoddata); authctxt->methoddata = NULL; } + dispatch_set(SSH2_MSG_USERAUTH_SUCCESS, &input_userauth_success); } #endif /* JPAKE */ |