CVE-2018-10933: Introduce SSH_AUTH_STATE_AUTH_NONE_SENT

The introduced auth state allows to identify when a request without authentication information was sent. Fixes T101 Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2026-02-05 12:50:30 +09:00 · 2018-09-19 15:55:43 +02:00
parent ddea46f890
commit acd6a1ca8a
2 changed files with 5 additions and 1 deletions
--- a/include/libssh/auth.h
+++ b/include/libssh/auth.h
@@ -96,6 +96,8 @@ enum ssh_auth_state_e {
  SSH_AUTH_STATE_PUBKEY_AUTH_SENT,
  /** We have sent a password expecting to be authenticated */
  SSH_AUTH_STATE_PASSWORD_AUTH_SENT,
+  /** We have sent a request without auth information (method 'none') */
+  SSH_AUTH_STATE_AUTH_NONE_SENT,
 };

 /** @internal
--- a/src/auth.c
+++ b/src/auth.c
@@ -88,6 +88,7 @@ static int ssh_auth_response_termination(void *user){
    case SSH_AUTH_STATE_PUBKEY_AUTH_SENT:
    case SSH_AUTH_STATE_PUBKEY_OFFER_SENT:
    case SSH_AUTH_STATE_PASSWORD_AUTH_SENT:
+    case SSH_AUTH_STATE_AUTH_NONE_SENT:
      return 0;
    default:
      return 1;
@@ -143,6 +144,7 @@ static int ssh_userauth_get_response(ssh_session session) {
        case SSH_AUTH_STATE_PUBKEY_OFFER_SENT:
        case SSH_AUTH_STATE_PUBKEY_AUTH_SENT:
        case SSH_AUTH_STATE_PASSWORD_AUTH_SENT:
+        case SSH_AUTH_STATE_AUTH_NONE_SENT:
        case SSH_AUTH_STATE_NONE:
            /* not reached */
            rc = SSH_AUTH_ERROR;
@@ -401,7 +403,7 @@ int ssh_userauth_none(ssh_session session, const char *username) {
        goto fail;
    }

-    session->auth_state = SSH_AUTH_STATE_NONE;
+    session->auth_state = SSH_AUTH_STATE_AUTH_NONE_SENT;
    session->pending_call_state = SSH_PENDING_CALL_AUTH_NONE;
    rc = packet_send(session);
    if (rc == SSH_ERROR) {