mirror of
git://anongit.mindrot.org/openssh.git
synced 2024-12-25 03:12:10 +00:00
Prevent excessively long username going to PAM.
This is a mitigation for a buffer overflow in Solaris' PAM username handling (CVE-2020-14871), and is only enabled for Sun-derived PAM implementations. This is not a problem in sshd itself, it only prevents sshd from being used as a vector to attack Solaris' PAM. It does not prevent the bug in PAM from being exploited via some other PAM application. Based on github PR#212 from Mike Scott but implemented slightly differently. ok tim@ djm@
This commit is contained in:
parent
10dce8ff68
commit
fcf429a4c6
@ -689,6 +689,12 @@ sshpam_init(struct ssh *ssh, Authctxt *authctxt)
|
||||
const char *pam_user, *user = authctxt->user;
|
||||
const char **ptr_pam_user = &pam_user;
|
||||
|
||||
#if defined(PAM_SUN_CODEBASE) && defined(PAM_MAX_RESP_SIZE)
|
||||
/* Protect buggy PAM implementations from excessively long usernames */
|
||||
if (strlen(user) >= PAM_MAX_RESP_SIZE)
|
||||
fatal("Username too long from %s port %d",
|
||||
ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
|
||||
#endif
|
||||
if (sshpam_handle == NULL) {
|
||||
if (ssh == NULL) {
|
||||
fatal("%s: called initially with no "
|
||||
|
Loading…
Reference in New Issue
Block a user