upstream: avoid integer overflow of auth attempts (harmless, caught

by monitor)

OpenBSD-Commit-ID: 488ad570b003b21e0cd9e7a00349cfc1003b4d86
This commit is contained in:
djm@openbsd.org 2022-02-23 11:18:13 +00:00 committed by Damien Miller
parent 6e0258c64c
commit 32ebaa0dbc
1 changed files with 4 additions and 1 deletions

View File

@ -1,4 +1,4 @@
/* $OpenBSD: auth2.c,v 1.163 2021/12/26 23:34:41 djm Exp $ */ /* $OpenBSD: auth2.c,v 1.164 2022/02/23 11:18:13 djm Exp $ */
/* /*
* Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2000 Markus Friedl. All rights reserved.
* *
@ -279,6 +279,8 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh)
if ((style = strchr(user, ':')) != NULL) if ((style = strchr(user, ':')) != NULL)
*style++ = 0; *style++ = 0;
if (authctxt->attempt >= 1024)
auth_maxtries_exceeded(ssh);
if (authctxt->attempt++ == 0) { if (authctxt->attempt++ == 0) {
/* setup auth context */ /* setup auth context */
authctxt->pw = PRIVSEP(getpwnamallow(ssh, user)); authctxt->pw = PRIVSEP(getpwnamallow(ssh, user));
@ -287,6 +289,7 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh)
authctxt->valid = 1; authctxt->valid = 1;
debug2_f("setting up authctxt for %s", user); debug2_f("setting up authctxt for %s", user);
} else { } else {
authctxt->valid = 0;
/* Invalid user, fake password information */ /* Invalid user, fake password information */
authctxt->pw = fakepw(); authctxt->pw = fakepw();
#ifdef SSH_AUDIT_EVENTS #ifdef SSH_AUDIT_EVENTS